CVE-2019-13137
Description
ImageMagick before 7.0.8-50 has a memory leak in ReadPSImage when processing malformed PostScript files, leading to potential denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In ImageMagick versions before 7.0.8-50, the function ReadPSImage in coders/ps.c contains a memory leak. When parsing a PostScript file, if the page_geometry string is allocated via GetPageGeometry and then an invalid geometry is encountered, the code returns early without freeing page_geometry via DestroyString. This occurs in the error handling path after ThrowMagickException when flags == NoValue. The leak is present in both ImageMagick 7 and ImageMagick 6 (where the variable is named geometry). [1][2][3]
Exploitation
An attacker can trigger this memory leak by providing a crafted PostScript file that causes the ParseMetaGeometry function to return NoValue. No authentication is required; the attacker only needs to submit the malicious file to an application using ImageMagick to process it. The leak occurs during the error handling before the function returns NULL. [1]
Impact
Repeatedly processing such malformed files can exhaust available memory, leading to a denial of service (DoS) condition. The vulnerability does not allow code execution or information disclosure; it is a resource exhaustion issue. [1]
Mitigation
The fix was released in ImageMagick version 7.0.8-50 and in ImageMagick6 commit 7d11230. Users should upgrade to the patched version. The commit for ImageMagick 7 adds page_geometry=DestroyString(page_geometry); before the return statement, and the ImageMagick6 commit adds geometry=DestroyString(geometry);. No workaround is available other than updating. [2][3]
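The error-path pattern described above, as an added example that is not ImageMagick's code: get_page_geometry, destroy_string, parse_meta_geometry and read_ps are hypothetical stand-ins for GetPageGeometry, DestroyString, ParseMetaGeometry and ReadPSImage. An 8-slot pool (an assumption) replaces the heap so that strings left unreleased by the unfixed path visibly exhaust it.

```c
#include <stdio.h>

/* Hypothetical stand-ins for ImageMagick helpers, using a small fixed pool. */
#define SLOTS 8
static char pool[SLOTS][32];
static int used[SLOTS];
static char *get_page_geometry(const char *s) {   /* models GetPageGeometry */
  for (int i = 0; i < SLOTS; i++)
    if (!used[i]) {
      used[i] = 1;
      snprintf(pool[i], sizeof pool[i], "%s", s);
      return pool[i];
    }
  return NULL;                                     /* pool exhausted */
}

static char *destroy_string(char *p) {            /* models DestroyString */
  for (int i = 0; i < SLOTS; i++)
    if (p == pool[i]) used[i] = 0;
  return NULL;
}

/* Models ParseMetaGeometry: a return of 0 plays the role of NoValue. */
static int parse_meta_geometry(const char *g) {
  unsigned w, h;
  return sscanf(g, "%ux%u", &w, &h) == 2;
}

/* fixed=0: error path returns without freeing (bug); fixed=1: frees first. */
int read_ps(const char *page, int fixed) {
  char *page_geometry = get_page_geometry(page);
  if (page_geometry == NULL) return -2;            /* allocation failed */
  if (!parse_meta_geometry(page_geometry)) {
    if (fixed) page_geometry = destroy_string(page_geometry);
    return -1;                                     /* invalid geometry */
  }
  page_geometry = destroy_string(page_geometry);
  return 0;
}

/* Feed n constructed malformed inputs, then a valid one; return its status. */
int after_malformed(int n, int fixed) {
  for (int i = 0; i < SLOTS; i++) used[i] = 0;     /* start with an empty pool */
  for (int i = 0; i < n; i++) read_ps("not-a-geometry", fixed);
  return read_ps("612x792", fixed);
}
int main(void) {
  printf("%d %d\n", after_malformed(SLOTS, 0), after_malformed(SLOTS, 1));
  return 0;
}
```

With the unfixed path, eight malformed inputs leave every slot held and the following valid input fails to allocate; with the fixed path the same sequence succeeds.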
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (8)
- ImageMagick/ImageMagick (description)
  - Range: < 7.0.8-50
- osv-coords (6 versions): < 7.0.7.34-lp151.7.9.1 + 5 more
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1
  - (no CPE) range: < 7.0.7.34-lp151.7.9.1
  - (no CPE) range: < 7.0.7.34-lp151.7.9.1
  - (no CPE) range: < 7.0.7.34-3.67.1
  - (no CPE) range: < 7.0.7.34-3.67.1
  - (no CPE) range: < 7.0.7.34-3.67.1
  - (no CPE) range: < 7.0.7.34-3.67.1
Vulnerability mechanics
Root cause
"A memory leak occurs in the ReadPSImage function because a return statement exits the function before the page_geometry string is properly destroyed."
Attack vector
An attacker can trigger this vulnerability by providing a specially crafted PostScript file that causes the ReadPSImage function to encounter an error condition [1]. When the function hits the error handling block, it returns prematurely without freeing the memory allocated for the page_geometry string. This leads to a memory leak during the processing of the image file.
Affected code
The vulnerability is located in the ReadPSImage function within the coders/ps.c file [1].
What the fix does
The advisory does not specify the exact patch implementation, but notes that the issue is similar to a previous fix [1]. Remediation involves ensuring that all allocated resources, specifically the page_geometry string, are properly deallocated before any return statement in the ReadPSImage function. Users are advised to update to a version of ImageMagick later than 7.0.8-50 to resolve this vulnerability.
Preconditions
- input: The attacker must provide a malformed or specially crafted PostScript image file to the application.
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (6)
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html (mitre, vendor-advisory, x_refsource_SUSE)
- usn.ubuntu.com/4192-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2020/dsa-4712 (mitre, vendor-advisory, x_refsource_DEBIAN)
- github.com/ImageMagick/ImageMagick/commit/35ccb468ee2dcbe8ce9cf1e2f1957acc27f54c34 (mitre, x_refsource_MISC)
- github.com/ImageMagick/ImageMagick/issues/1601 (mitre, x_refsource_MISC)
- github.com/ImageMagick/ImageMagick6/commit/7d11230060fa9c8f67e53c85224daf6648805c7b (mitre, x_refsource_MISC)