CVE-2018-5247
Description
Memory leaks in ImageMagick's ReadRLAImage function can lead to denial of service when processing crafted RLA files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory leaks in ImageMagick's ReadRLAImage function can lead to denial of service when processing crafted RLA files.
Vulnerability
In ImageMagick 7.0.7-17 Q16, the ReadRLAImage function in coders/rla.c contains memory leaks. The leak occurs at line 271:34 when a malformed RLA image is processed, as demonstrated in the GitHub issue [2]. The vulnerability affects ImageMagick versions up to and including 7.0.7-17.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious RLA image file. If a user or automated system opens this file with ImageMagick (e.g., via the montage command as shown in [2]), the memory leak is triggered. No authentication is required; only user interaction (opening the file) is needed.
Impact
Successful exploitation leads to memory exhaustion, causing a denial of service (DoS). The Ubuntu security advisory [1] notes that similar issues could potentially lead to code execution, but for this specific CVE, the direct impact is memory leaks that degrade system performance or cause crashes.
Mitigation
The issue is fixed in ImageMagick versions after 7.0.7-17. Ubuntu released updates in USN-3681-1 (2018-06-04) for Ubuntu 18.04 LTS and other releases [1]. Users should update to the patched version. As a workaround, avoid processing untrusted RLA files until the update is applied.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
17- Range: =7.0.7-17
- osv-coords16 versionspkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Studio%20Onsite%201.3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
< 1.2.5-4.78.28.2+ 15 more
- (no CPE)range: < 1.2.5-4.78.28.2
- (no CPE)range: < 1.2.5-4.78.28.2
- (no CPE)range: < 6.8.8.1-71.26.1
- (no CPE)range: < 6.8.8.1-71.26.1
- (no CPE)range: < 6.4.3.6-7.78.22.1
- (no CPE)range: < 6.8.8.1-71.26.1
- (no CPE)range: < 6.8.8.1-71.26.1
- (no CPE)range: < 6.8.8.1-71.26.1
- (no CPE)range: < 6.4.3.6-7.78.22.1
- (no CPE)range: < 6.8.8.1-71.26.1
- (no CPE)range: < 6.8.8.1-71.26.1
- (no CPE)range: < 6.4.3.6-7.78.22.1
- (no CPE)range: < 6.8.8.1-71.26.1
- (no CPE)range: < 6.8.8.1-71.26.1
- (no CPE)range: < 6.8.8.1-71.26.1
- (no CPE)range: < 6.8.8.1-71.26.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The ReadRLAImage function in coders/rla.c leaks memory when processing RLA image files."
Attack vector
An attacker can trigger this vulnerability by providing a specially crafted RLA image file to the ImageMagick `montage` command. The processing of this malicious file within the `ReadRLAImage` function leads to a memory leak, as indicated by the LeakSanitizer output [ref_id=1]. This leak occurs during the handling of RLA image data.
Affected code
The vulnerability resides in the `ReadRLAImage` function located in the `coders/rla.c` file within ImageMagick version 7.0.7-17 Q16 [ref_id=1]. The memory leak is specifically associated with the allocation and subsequent failure to deallocate a `pixel` object within this function.
What the fix does
The patch addresses the memory leak by ensuring that allocated memory is properly freed within the `ReadRLAImage` function. Specifically, it adds a `DestroyPixelPacket(pixel)` call before returning in error conditions, preventing the leak of the `pixel` object [ref_id=1]. This ensures that resources are released even when an improper image header is encountered.
Preconditions
- inputThe user must provide a specially crafted RLA image file.
- configThe affected version of ImageMagick (7.0.7-17 Q16) must be installed.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- usn.ubuntu.com/3681-1/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/ImageMagick/ImageMagick/issues/928mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.