CVE-2019-13134
Description
ImageMagick before 7.0.8-50 has a memory leak in ReadVIFFImage, leading to potential resource exhaustion.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick before 7.0.8-50 has a memory leak in ReadVIFFImage, leading to potential resource exhaustion.
Vulnerability
ImageMagick versions before 7.0.8-50 contain a memory leak vulnerability in the ReadVIFFImage function in coders/viff.c. When processing a specially crafted VIFF image, the function may fail to free allocated memory, resulting in a memory leak. The issue was reported in GitHub issue #1600 [1] and patched in commit fe30661 [2].
Exploitation
An attacker can exploit this vulnerability by providing a malicious VIFF image to be processed by ImageMagick. No authentication is required; the attack vector is remote if the user processes a file from an untrusted source. When the ReadVIFFImage function encounters an error condition during reading, it fails to properly release memory, leading to accumulation of allocated memory.
Impact
Successful exploitation leads to a memory leak, which over time can exhaust available memory resources, causing denial of service. The impact is primarily availability, as the system may become unresponsive or crash due to memory exhaustion.
Mitigation
The vulnerability is fixed in ImageMagick version 7.0.8-50 and later. Users should upgrade to the latest version. There is no known workaround; users can avoid processing untrusted VIFF images until the upgrade is applied.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
14- ImageMagick/ImageMagickdescription
- Range: <7.0.8-50
- osv-coords12 versionspkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4
< 7.0.7.34-lp151.7.9.1+ 11 more
- (no CPE)range: < 7.0.7.34-lp151.7.9.1
- (no CPE)range: < 7.0.7.34-lp151.7.9.1
- (no CPE)range: < 7.1.0.9-1.1
- (no CPE)range: < 6.8.8.1-71.126.1
- (no CPE)range: < 7.0.7.34-3.67.1
- (no CPE)range: < 7.0.7.34-3.67.1
- (no CPE)range: < 7.0.7.34-3.67.1
- (no CPE)range: < 7.0.7.34-3.67.1
- (no CPE)range: < 6.8.8.1-71.126.1
- (no CPE)range: < 6.8.8.1-71.126.1
- (no CPE)range: < 6.8.8.1-71.126.1
- (no CPE)range: < 6.8.8.1-71.126.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Improper error handling in ReadVIFFImage causes a memory leak when GetNextImageInList returns NULL."
Attack vector
An attacker can trigger the memory leak by providing a crafted VIFF image file that causes `ReadVIFFImage` to fail when acquiring the next image in the list [ref_id=1]. When `GetNextImageInList(image)` returns NULL, the function destroys the image list and returns NULL, but the allocated image resources are not fully released, resulting in a memory leak [ref_id=1]. Repeatedly processing such malformed images can exhaust system memory, leading to a denial-of-service condition.
Affected code
The vulnerability is in the function `ReadVIFFImage` in `coders/viff.c` [ref_id=1]. At line 774, when `GetNextImageInList(image)` returns NULL, the code calls `DestroyImageList(image)` and returns NULL without freeing the image list properly, causing a memory leak [ref_id=1]. The same pattern also exists in `ReadBMPImage` in `coders/bmp.c` [ref_id=1].
What the fix does
The patch [ref_id=2] replaces `image=DestroyImageList(image); return((Image *) NULL);` with `status=MagickFalse; break;` in both `ReadVIFFImage` and `ReadBMPImage`. Instead of destroying the image list and returning NULL (which leaks memory), the fix sets a failure status and breaks out of the loop, allowing the function to properly clean up resources via the normal exit path. This ensures all allocated memory is freed even when the next image cannot be acquired.
Preconditions
- inputThe attacker must supply a crafted VIFF image file that causes GetNextImageInList to return NULL during processing.
- configThe target system must be running ImageMagick before version 7.0.8-50.
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3- lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.htmlmitrevendor-advisoryx_refsource_SUSE
- github.com/ImageMagick/ImageMagick/commit/fe3066122ef72c82415811d25e9e3fad622c0a99mitrex_refsource_MISC
- github.com/ImageMagick/ImageMagick/issues/1600mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.