CVE-2019-12977
Description
ImageMagick 7.0.8-34 has a use-of-uninitialized-value vulnerability in WriteJP2Image when extracting tile geometry, potentially causing undefined behavior or information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In ImageMagick 7.0.8-34, the WriteJP2Image function in coders/jp2.c improperly uses an uninitialized RectangleInfo variable when the image_info->extract option is set. The geometry variable is declared but not zeroed before being passed to ParseAbsoluteGeometry, leading to a read of uninitialized memory [1].
Exploitation
An attacker can trigger this vulnerability by providing a crafted image or command-line options that set the -extract geometry. No authentication is required; the attack is remote if the attacker can supply the input to ImageMagick. The uninitialized value is used to set tile dimensions (cp_tdx, cp_tdy) and offsets (cp_tx0, cp_ty0) [1].
Impact
The use of uninitialized values can lead to undefined behavior, potentially including a crash or disclosure of sensitive memory. The exact outcome depends on the contents of the uninitialized stack memory [1].
Mitigation
The issue was fixed by initializing the geometry structure with memset in subsequent commits (eeb68ee and 81bfff2). Users should upgrade to a version of ImageMagick that includes these fixes (7.0.8-35 or later). No workaround is known if the extract option is required [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (8)
- ImageMagick/ImageMagick (source: description)
  - Range: = 7.0.8-34
- osv-coords (6 versions)
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1
- Ranges:
  - (no CPE) range: < 7.0.7.34-lp151.7.9.1
  - (no CPE) range: < 7.0.7.34-lp151.7.9.1
  - (no CPE) range: < 7.0.7.34-3.67.1
  - (no CPE) range: < 7.0.7.34-3.67.1
  - (no CPE) range: < 7.0.7.34-3.67.1
  - (no CPE) range: < 7.0.7.34-3.67.1
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The WriteJP2Image function fails to initialize the geometry structure before using it, leading to the use of uninitialized memory."
Attack vector
An attacker can trigger this vulnerability by providing a specially crafted image file that influences the execution path within the WriteJP2Image function [ref_id=1]. The vulnerability occurs when the application processes the extract information, which relies on the uninitialized geometry structure [ref_id=1]. This can lead to the use of uninitialized values during the parsing of absolute geometry [ref_id=1].
Affected code
The vulnerability is located in the WriteJP2Image function within the coders/jp2.c file [ref_id=1]. Specifically, the issue arises because the RectangleInfo geometry structure is declared but not initialized before being passed to ParseAbsoluteGeometry [ref_id=1].
What the fix does
The advisory suggests that the vulnerability can be mitigated by calling memset to initialize the geometry structure to zero immediately after its declaration [ref_id=1]. This ensures that all fields within the structure have a defined state before they are accessed or populated by the ParseAbsoluteGeometry function. No specific patch file is provided in the bundle, but the advisory identifies the necessary code change to prevent the use of uninitialized memory [ref_id=1].
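The pattern described above, as an added C example (not ImageMagick's code): `Rect`, `parse_geometry` and `tile_offset_x` are hypothetical stand-ins, and the example assumes a parser that leaves fields absent from the geometry string untouched. The 0xAA fill is a constructed model of stale stack contents.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a geometry struct (not ImageMagick's definition). */
typedef struct { unsigned long width, height; long x, y; } Rect;

/* Simplified stand-in parser for "WxH" or "WxH+X+Y". It writes only the
   fields that appear in the string and leaves the others untouched. */
static int parse_geometry(const char *s, Rect *r)
{
    unsigned long w, h;
    long x, y;
    int n = sscanf(s, "%lux%lu+%ld+%ld", &w, &h, &x, &y);

    if (n >= 1) r->width = w;
    if (n >= 2) r->height = h;
    if (n >= 3) r->x = x;
    if (n >= 4) r->y = y;
    return n < 0 ? 0 : n;   /* number of fields written */
}

/* Returns the tile x offset a writer would derive from the extract string.
   zero_first = 1 applies the memset fix; zero_first = 0 fills the struct
   with a constructed 0xAA pattern that models stale stack bytes, so the
   effect is reproducible without invoking undefined behaviour. */
static long tile_offset_x(const char *extract, int zero_first)
{
    Rect geometry;

    memset(&geometry, zero_first ? 0 : 0xAA, sizeof(geometry));
    (void) parse_geometry(extract, &geometry);
    return geometry.x;   /* consumed whether or not the parser set it */
}

int main(void)
{
    printf("no offsets, zeroed : %ld\n", tile_offset_x("64x64", 1));
    printf("no offsets, stale  : %ld\n", tile_offset_x("64x64", 0));
    printf("offsets given      : %ld\n", tile_offset_x("64x64+8+16", 0));
    return 0;
}
```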
Preconditions
- input: The application must process a crafted image file that triggers the extract logic in the JP2 coder.
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (6)
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html (mitre, vendor-advisory, x_refsource_SUSE)
- usn.ubuntu.com/4192-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2020/dsa-4712 (mitre, vendor-advisory, x_refsource_DEBIAN)
- www.securityfocus.com/bid/108913 (mitre, vdb-entry, x_refsource_BID)
- github.com/ImageMagick/ImageMagick/issues/1518 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2020/08/msg00030.html (mitre, mailing-list, x_refsource_MLIST)