CVE-2018-9133
Description
ImageMagick 7.0.7-26 Q16 hangs for tens of minutes when processing a tiny crafted TIFF file due to excessive iteration in DecodeLabImage/EncodeLabImage, allowing remote denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick 7.0.7-26 Q16 hangs for tens of minutes when processing a tiny crafted TIFF file due to excessive iteration in DecodeLabImage/EncodeLabImage, allowing remote denial of service.
Vulnerability
ImageMagick version 7.0.7-26 Q16 suffers from excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c. The functions assume legitimate values for image->rows and image->columns, but a crafted TIFF file can set these to large values, causing an almost infinite loop that leads to a hang lasting tens of minutes [2]. The issue is triggered when ImageMagick reads a specially crafted TIFF file.
Exploitation
An attacker needs to craft a small TIFF file (e.g., 108 bytes) with manipulated image dimensions. The attacker can deliver this file to a user or automated system that processes images with ImageMagick. When the file is opened (e.g., via mogrify), the application enters the DecodeLabImage or EncodeLabImage loop and becomes unresponsive for an extended period [2]. No special privileges are required; the attacker only needs to trick the target into processing the malicious file.
Impact
Successful exploitation results in a denial of service (DoS). The ImageMagick process hangs for tens of minutes, consuming CPU resources and preventing normal operation. The impact is limited to availability; confidentiality and integrity are not affected. The PoC file is only 108 bytes, making it easy to distribute [2].
Mitigation
ImageMagick has addressed the issue in later versions. Ubuntu users can update to the fixed packages as provided in USN-3681-1 [1]. The recommended mitigation is to apply the latest security updates for ImageMagick. Until patched, avoid processing untrusted TIFF files, or consider using alternative image processing libraries.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6- Range: =7.0.7-26
- osv-coords5 versionspkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
< 6.8.8.1-71.65.1+ 4 more
- (no CPE)range: < 6.8.8.1-71.65.1
- (no CPE)range: < 6.8.8.1-71.65.1
- (no CPE)range: < 6.8.8.1-71.65.1
- (no CPE)range: < 6.8.8.1-71.65.1
- (no CPE)range: < 6.8.8.1-71.65.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Excessive iteration in DecodeLabImage and EncodeLabImage functions occurs when image dimensions are manipulated to be excessively large."
Attack vector
Remote attackers can trigger this vulnerability by providing a crafted TIFF file. When ImageMagick processes this file, the DecodeLabImage and EncodeLabImage functions in `coders/tiff.c` enter an excessive iteration loop due to manipulated image dimensions. This leads to a denial of service, causing the application to hang for an extended period, potentially tens of minutes [ref_id=1].
Affected code
The vulnerability resides in the DecodeLabImage and EncodeLabImage functions within the `src/coders/tiff.c` file. The issue arises because these functions assume legitimate values for `image->rows` and `image->columns`, which can be manipulated to cause excessive iteration [ref_id=1].
What the fix does
The advisory does not specify a patch or provide remediation guidance. However, the vulnerability is described as excessive iteration in the DecodeLabImage and EncodeLabImage functions when image dimensions are manipulated to be large [ref_id=1]. A fix would likely involve validating image dimensions before processing to prevent such extreme iterations.
Preconditions
- inputA crafted TIFF file with manipulated image dimensions.
Reproduction
To reproduce the issue, run the command: `./mogrify $POC`, where `$POC` is the crafted TIFF file [ref_id=1].
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3- usn.ubuntu.com/3681-1/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/ImageMagick/ImageMagick/issues/1072mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/08/msg00030.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.