CVE-2019-12974
Description
A NULL pointer dereference in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A NULL pointer dereference in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.
Vulnerability
A NULL pointer dereference vulnerability exists in the functions ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c of ImageMagick version 7.0.8-34. The issue occurs when the return value of InterpretImageProperties is NULL, leading to a NULL pointer dereference [1]. The vulnerability can be triggered by processing a specially crafted image file.
Exploitation
An attacker can exploit this vulnerability by providing a crafted image file to be processed by ImageMagick. No authentication or special network position is required; the attacker only needs to induce a user or service to process the image. The steps involve feeding the crafted image to an affected version of ImageMagick, which will then attempt to parse it and trigger the NULL pointer dereference.
Impact
Successful exploitation results in a denial of service (DoS) condition due to the program crash. The CIA impact is limited to availability, as the attacker can cause the software to terminate unexpectedly.
Mitigation
The issue was addressed in a commit (93a9ccc) to the ImageMagick repository [1]. Users should upgrade to a version of ImageMagick that includes this fix. If upgrading is not immediately possible, avoid processing untrusted image files with the affected software.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
13- ImageMagick/ImageMagickdescription
- Range: = 7.0.8-34
- osv-coords11 versionspkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4
< 7.0.7.34-lp151.7.9.1+ 10 more
- (no CPE)range: < 7.0.7.34-lp151.7.9.1
- (no CPE)range: < 7.0.7.34-lp151.7.9.1
- (no CPE)range: < 6.8.8.1-71.126.1
- (no CPE)range: < 7.0.7.34-3.67.1
- (no CPE)range: < 7.0.7.34-3.67.1
- (no CPE)range: < 7.0.7.34-3.67.1
- (no CPE)range: < 7.0.7.34-3.67.1
- (no CPE)range: < 6.8.8.1-71.126.1
- (no CPE)range: < 6.8.8.1-71.126.1
- (no CPE)range: < 6.8.8.1-71.126.1
- (no CPE)range: < 6.8.8.1-71.126.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The application fails to check the return value of InterpretImageProperties for NULL before using it, leading to a NULL pointer dereference."
Attack vector
An attacker can trigger this denial of service vulnerability by providing a crafted image file to the application [ref_id=1]. When the image is processed, the function ReadPANGOImage or ReadVIDImage attempts to use the result of InterpretImageProperties without verifying if it is NULL [ref_id=1]. This results in a crash of the ImageMagick process.
Affected code
The vulnerability is located in the ReadPANGOImage function within coders/pango.c and the ReadVIDImage function within coders/vid.c [ref_id=1]. Specifically, the issue arises when the return value of InterpretImageProperties is used without validation [ref_id=1].
What the fix does
The advisory does not specify the exact patch implementation, but remediation requires adding a check to ensure the return value of InterpretImageProperties is not NULL before passing it to SetImageProperty [ref_id=1]. By validating the pointer, the application can safely handle cases where property interpretation fails instead of dereferencing a null pointer. No specific patch ID is provided in the bundle.
Preconditions
- inputThe attacker must provide a crafted image file that triggers the vulnerable code path during processing.
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.htmlmitrevendor-advisoryx_refsource_SUSE
- usn.ubuntu.com/4192-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4712mitrevendor-advisoryx_refsource_DEBIAN
- www.securityfocus.com/bid/108913mitrevdb-entryx_refsource_BID
- github.com/ImageMagick/ImageMagick/issues/1515mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2019/08/msg00021.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2020/08/msg00030.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.