CVE-2018-7443
Description
ImageMagick 7.0.7-23 fails to validate image data size in TIFF files, allowing remote denial of service via memory allocation failure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The ReadTIFFImage function in coders/tiff.c of ImageMagick versions 7.0.7-23 Q16 and earlier does not properly validate the amount of image data in a TIFF file. This allows a crafted TIFF to trigger an excessive memory allocation in AcquireMagickMemory (MagickCore/memory.c), leading to a denial of service [1][2].
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted TIFF image file to a user or automated system that processes images with ImageMagick. No authentication or special network position is required beyond being able to deliver the malformed file (e.g., via a website, email attachment, or file upload). When the file is opened (e.g., with `convert ../test.tif /dev/null`), ImageMagick attempts to allocate an enormous amount of memory, causing the application to crash [2].
Impact
Successful exploitation results in a denial of service (DoS) due to memory allocation failure. In some cases, the crash may lead to arbitrary code execution with the privileges of the user invoking ImageMagick, though the primary observed impact is resource exhaustion and application termination [1].
Mitigation
The vulnerability is fixed by updating ImageMagick to a patched version. Ubuntu released security updates (USN-3681-1) on 2018-05-01, providing packages for Ubuntu 17.10, 18.04 LTS, and 16.04 LTS that address this issue [1]. Users should upgrade ImageMagick to the latest available version for their distribution. No workaround is provided; the safest mitigation is to apply the update.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (15)
- Range: <=7.0.7-23
- osv-coords, 14 versions (no CPE for any entry):
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2, range: < 6.8.8.1-71.47.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3, range: < 6.8.8.1-71.47.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4, range: < 6.4.3.6-78.40.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2, range: < 6.8.8.1-71.47.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3, range: < 6.8.8.1-71.47.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2, range: < 6.8.8.1-71.47.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4, range: < 6.4.3.6-78.40.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2, range: < 6.8.8.1-71.47.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3, range: < 6.8.8.1-71.47.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4, range: < 6.4.3.6-78.40.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2, range: < 6.8.8.1-71.47.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3, range: < 6.8.8.1-71.47.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2, range: < 6.8.8.1-71.47.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3, range: < 6.8.8.1-71.47.1
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The ReadTIFFImage function does not properly validate the amount of image data in a file, leading to excessive memory allocation."
Attack vector
A remote attacker can trigger this vulnerability by providing a specially crafted TIFF image file to the ImageMagick `convert` command. The `ReadTIFFImage` function in `coders/tiff.c` processes this file, and due to insufficient validation, it attempts to allocate an excessive amount of memory. This leads to a denial of service when the `AcquireMagickMemory` function fails to allocate the requested memory [ref_id=1].
Affected code
The vulnerability resides in the `ReadTIFFImage` function located in the `coders/tiff.c` file. This function is responsible for parsing TIFF image data. The issue arises from a lack of validation on the image data size, which can lead to an attempted allocation of an excessive amount of memory via the `AcquireMagickMemory` function in `MagickCore/memory.c` [ref_id=1].
What the fix does
The patch addresses the vulnerability by implementing proper validation for the amount of image data read from a TIFF file within the `ReadTIFFImage` function. This prevents the function from attempting to allocate an unreasonably large amount of memory, thus avoiding the memory allocation failure in `AcquireMagickMemory` and mitigating the denial of service.
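The kind of check described above can also be applied before a file ever reaches the decoder. The following is an added example, not ImageMagick's patch and not code from the cited references: it reads the first IFD of a classic TIFF and rejects files whose declared strip data is larger than the file itself or whose decoded size exceeds a budget (compression means decoded size can legitimately exceed file size, so that value gets a budget rather than a file-size comparison). The function names, the 256 MiB budget, and the sample files built by `build_tiff` are assumptions made for illustration.

```python
import struct

# Tags: ImageWidth, ImageLength, BitsPerSample, SamplesPerPixel, StripByteCounts
WIDTH, LENGTH, BITS, SPP, STRIP_COUNTS = 256, 257, 258, 277, 279
TYPE_FMT = {3: ("H", 2), 4: ("I", 4)}  # SHORT and LONG are enough for these tags

def read_ifd0(data):
    """Return {tag: [values]} for the SHORT/LONG entries of the first IFD."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a classic TIFF")
    e = "<" if data[:2] == b"II" else ">"
    magic, ifd = struct.unpack_from(e + "HI", data, 2)
    if magic != 42 or ifd + 2 > len(data):
        raise ValueError("bad TIFF header")
    (n,) = struct.unpack_from(e + "H", data, ifd)
    tags = {}
    for pos in range(ifd + 2, ifd + 2 + 12 * n, 12):
        if pos + 12 > len(data):
            raise ValueError("truncated IFD")
        tag, typ, count = struct.unpack_from(e + "HHI", data, pos)
        if typ not in TYPE_FMT:
            continue
        fmt, size = TYPE_FMT[typ]
        off = pos + 8  # values of up to 4 bytes are stored inline
        if count * size > 4:
            (off,) = struct.unpack_from(e + "I", data, off)
        if off + count * size > len(data):
            raise ValueError("tag data points outside the file")
        tags[tag] = list(struct.unpack_from(f"{e}{count}{fmt}", data, off))
    return tags

def precheck(data, max_decoded=256 * 2**20):
    """Return (ok, reason); max_decoded is an assumed per-image byte budget."""
    t = read_ifd0(data)
    if not t.get(WIDTH) or not t.get(LENGTH):
        return False, "missing dimensions"
    spp, bits = (t.get(SPP) or [1])[0], (t.get(BITS) or [1])[0]
    decoded = t[WIDTH][0] * t[LENGTH][0] * spp * ((bits + 7) // 8)
    if sum(t.get(STRIP_COUNTS, [])) > len(data):
        return False, "declared strip data exceeds file size"
    if decoded > max_decoded:
        return False, "decoded size exceeds budget"
    return True, "ok"

def build_tiff(width, length, strip_bytes, payload=b"\0" * 16):
    """Constructed sample: little-endian, 8-bit grayscale, one strip."""
    vals = {WIDTH: width, LENGTH: length, BITS: 8, SPP: 1, STRIP_COUNTS: strip_bytes}
    ifd = b"".join(struct.pack("<HHII", tag, 4, 1, v) for tag, v in vals.items())
    return b"II" + struct.pack("<HIH", 42, 8, len(vals)) + ifd + b"\0" * 4 + payload
```

A pre-filter like this complements the package update; it does not replace it, since it only inspects the first IFD and the strip layout.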
Preconditions
- input: A specially crafted TIFF image file.
- config: The ImageMagick software must be configured to process TIFF images.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (4)
- usn.ubuntu.com/3681-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- github.com/ImageMagick/ImageMagick/issues/999 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2018/02/msg00028.html (mitre, mailing-list, x_refsource_MLIST)
- lists.debian.org/debian-lts-announce/2020/08/msg00030.html (mitre, mailing-list, x_refsource_MLIST)