VYPR
Unrated severity · NVD Advisory · Published Jul 20, 2018 · Updated Aug 5, 2024

CVE-2018-14437

Description

ImageMagick 7.0.8-4 has a memory leak in parse8BIM() in coders/meta.c that can lead to denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

ImageMagick version 7.0.8-4 contains a memory leak in the parse8BIM function located in coders/meta.c [2]. The function allocates a buffer via AcquireQuantumMemory at line 327 but fails to free it on several early return paths (e.g., when TellBlob or SeekBlob returns an error) [2]. This affects any user or process that triggers parsing of image metadata containing 8BIM (Photoshop) resource blocks.

Exploitation

An attacker who can supply a crafted image file to ImageMagick (e.g., via a web application that processes user-uploaded images) can trigger the parse8BIM code path [1]. No special privileges or network position beyond the ability to upload or provide an image file are required. By repeatedly sending such images, the leak accumulates memory, eventually exhausting system resources.

Impact

Successful exploitation causes memory exhaustion, leading to a denial of service condition on the affected system [1]. The confidentiality and integrity impact is low-severity, but the leak can make ImageMagick or dependent services unavailable.

Mitigation

ImageMagick released fixes in version 7.0.8-5 or later; users should upgrade to a patched version [1]. Ubuntu published USN-3785-1 on 2018-09-18 to address this and related issues [1]. No workaround besides upgrading or restricting image file processing is known; the default policy change in that update also disables dangerous PostScript/PDF decoders, but the memory leak itself requires a code fix.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

11

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Memory leak in parse8BIM() due to missing free of the 'line' buffer on certain error return paths."

Attack vector

An attacker can trigger the memory leak by providing a crafted image file that causes parse8BIM() to enter one of the error-return paths at lines where `currentpos < 0` or `offset < 0` is detected [ref_id=1]. The function allocates a heap buffer via `AcquireQuantumMemory` for the `line` variable but does not free it before returning -1 on these specific error conditions [ref_id=1]. Repeatedly processing such crafted files can exhaust memory resources, leading to a denial-of-service condition.

Affected code

The bug is in the `parse8BIM()` function in `coders/meta.c` [ref_id=1]. Memory is allocated for the `line` variable at approximately line 327 via `AcquireQuantumMemory`, but is not freed on three error-return paths inside the `if (savedolen > 0)` block around line 436 [ref_id=1].

What the fix does

The advisory does not include a patch, but the fix would require freeing the `line` buffer before each `return(-1)` statement in the error-handling paths around the `savedolen` and `offset` checks [ref_id=1]. Specifically, the three return points inside the `if (savedolen > 0)` block must call a deallocation routine (e.g., `RelinquishMagickMemory(line)`) before returning. Without this change, the allocated memory is leaked whenever those error conditions are met [ref_id=1].
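A simplified model of the leak and of the fix described above, added here as an illustration; it is not ImageMagick's code or its patch. `acquire`, `relinquish`, `Blob`, `blob_tell` and `blob_seek` are hypothetical stand-ins for `AcquireQuantumMemory`, `RelinquishMagickMemory` and the blob calls, and the three error checks are constructed to match the shape the text describes.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed stand-ins for illustration; none of this is ImageMagick code. */
static long live = 0;  /* buffers allocated and not yet freed */
static void *acquire(size_t n) { void *p = malloc(n); if (p) live++; return p; }
static void relinquish(void *p) { if (p) { free(p); live--; } }
/* Hypothetical blob whose tell/seek can be forced to fail (return < 0). */
typedef struct { long pos; int fail_tell; int fail_seek; } Blob;
static long blob_tell(Blob *b) { return b->fail_tell ? -1 : b->pos; }
static long blob_seek(Blob *b, long o) { if (b->fail_seek) return -1; b->pos = o; return o; }

/* Leaky shape: each early return skips the free of `line`. */
static int parse_leaky(Blob *b, long savedolen) {
  char *line = acquire(2048);
  if (line == NULL) return -1;
  if (savedolen > 0) {
    long currentpos = blob_tell(b);
    if (currentpos < 0) return -1;                 /* line leaked */
    if (blob_seek(b, 0) < 0) return -1;            /* line leaked */
    if (blob_seek(b, currentpos) < 0) return -1;   /* line leaked */
  }
  relinquish(line);
  return 0;
}

/* Corrected shape: the buffer is released before every error return. */
static int parse_fixed(Blob *b, long savedolen) {
  char *line = acquire(2048);
  if (line == NULL) return -1;
  if (savedolen > 0) {
    long currentpos = blob_tell(b);
    if (currentpos < 0) { relinquish(line); return -1; }
    if (blob_seek(b, 0) < 0) { relinquish(line); return -1; }
    if (blob_seek(b, currentpos) < 0) { relinquish(line); return -1; }
  }
  relinquish(line);
  return 0;
}

/* Run n parses against blob b and return how many buffers are still held. */
static long leaked_after(int (*parse)(Blob *, long), int n, Blob b) {
  long before = live;
  for (int i = 0; i < n; i++) parse(&b, 16);
  return live - before;
}
int main(void) {
  Blob bad = { 0, 1, 0 };  /* constructed input: the tell call fails */
  printf("leaky=%ld fixed=%ld\n", leaked_after(parse_leaky, 1000, bad), leaked_after(parse_fixed, 1000, bad));
  return 0;
}
```

Tracking outstanding allocations per request in this way, or running the parser under a leak checker with inputs that force each error branch, is how a regression test would confirm that every return path releases the buffer.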

Preconditions

  • Input: Attacker must supply a crafted image file that triggers the error paths in parse8BIM() where currentpos < 0 or offset < 0.

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2
