CVE-2018-6405
Description
ImageMagick before 7.0.7-23 has a memory leak in ReadDCMImage that allows remote denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick before 7.0.7-23 has a memory leak in ReadDCMImage that allows remote denial of service.
Vulnerability
In ImageMagick before 7.0.7-23, the ReadDCMImage function in coders/dcm.c allocates memory for redmap, greenmap, and bluemap but does not free previously allocated pointers before reassigning them. This results in a memory leak when processing crafted DICOM (DCM) files, as reported in [1].
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted DCM image file to an application using the vulnerable ImageMagick library. The attack requires no authentication and can be performed remotely, e.g., by tricking a user into processing the file via commands like convert.
Impact
Successful exploitation leads to a memory leak, which can consume increasing amounts of memory and eventually cause a denial of service (DoS) due to memory exhaustion. No other impact on confidentiality or integrity is reported.
Mitigation
The vulnerability is fixed in ImageMagick version 7.0.7-23 [1]. Users should upgrade to this version or later. No workaround is available for unpatched versions.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
17- Range: <7.0.7-23
- osv-coords16 versionspkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Studio%20Onsite%201.3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
< 1.2.5-4.78.38.1+ 15 more
- (no CPE)range: < 1.2.5-4.78.38.1
- (no CPE)range: < 1.2.5-4.78.38.1
- (no CPE)range: < 6.8.8.1-71.42.1
- (no CPE)range: < 6.8.8.1-71.42.1
- (no CPE)range: < 6.4.3.6-7.78.34.1
- (no CPE)range: < 6.8.8.1-71.42.1
- (no CPE)range: < 6.8.8.1-71.42.1
- (no CPE)range: < 6.8.8.1-71.42.1
- (no CPE)range: < 6.4.3.6-7.78.34.1
- (no CPE)range: < 6.8.8.1-71.42.1
- (no CPE)range: < 6.8.8.1-71.42.1
- (no CPE)range: < 6.4.3.6-7.78.34.1
- (no CPE)range: < 6.8.8.1-71.42.1
- (no CPE)range: < 6.8.8.1-71.42.1
- (no CPE)range: < 6.8.8.1-71.42.1
- (no CPE)range: < 6.8.8.1-71.42.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The ReadDCMImage function in coders/dcm.c does not properly manage memory pointers, leading to leaks."
Attack vector
A remote attacker can trigger this vulnerability by providing a specially crafted DCM image file to the ImageMagick `convert` utility. The `ReadDCMImage` function, when processing this file, will repeatedly allocate memory for redmap, greenmap, and bluemap variables without freeing the previously allocated memory. This repeated allocation and loss of pointers leads to a memory leak. The advisory indicates that this can be triggered by running `magick convert <input.dcm> <output.png>` [ref_id=1].
Affected code
The vulnerability exists within the `ReadDCMImage` function located in the `coders/dcm.c` file. Specifically, the lines where `redmap`, `greenmap`, and `bluemap` are allocated using `AcquireQuantumMemory` are affected. When these variables are reassigned, the original pointers are lost, leading to a memory leak [ref_id=1].
What the fix does
The patch addresses the memory leak by ensuring that previously allocated memory for redmap, greenmap, and bluemap is freed before new memory is acquired. This prevents the loss of pointers and the subsequent accumulation of leaked memory. The advisory does not specify the exact patch ID, but the fix involves proper memory management within the `ReadDCMImage` function in `coders/dcm.c` [ref_id=1].
Preconditions
- inputA specially crafted DCM image file.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- usn.ubuntu.com/3681-1/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/ImageMagick/ImageMagick/issues/964mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.