VYPR
Unrated severity · NVD Advisory · Published Jul 5, 2019 · Updated Aug 4, 2024

CVE-2019-13301


Description

ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory triggered by an AnnotateImage error when processing a crafted image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

ImageMagick version 7.0.8-50 Q16 contains memory leaks in the AcquireMagickMemory function of MagickCore/memory.c (line 478) caused by improper error handling in AnnotateImage (MagickCore/annotate.c). When AnnotateImage fails after allocating memory for text lines or after setting an image storage class, the allocated resources (annotate_info, annotate, and textlist) are not freed, leading to memory leaks over time [1][4]. The issue is triggered when processing specially crafted image files with specific command-line arguments, such as those involving -draw, -preview, -resize and other operators [2][3].

Exploitation

An attacker needs to trick a user or automated system into opening or processing a specially crafted image file using a vulnerable ImageMagick installation [1]. The attacker supplies a malformed image that, when processed with certain command-line options (e.g., a `magick -black-point-compensation ...` invocation that reaches AnnotateImage failure paths), causes memory to be allocated but not freed [2][3]. Multiple runs of the command may be required to observe the leak, as the bug is intermittent [2]. No authentication or special network position is required beyond delivering the file to the victim's system.

Impact

Successful exploitation results in a progressive memory leak, leading to denial of service as the ImageMagick process consumes increasing amounts of memory, potentially exhausting system resources [1][2][3]. In addition to memory leaks, related heap-buffer-overflow and heap-use-after-free vulnerabilities have been reported in MagickCore/resize.c and MagickCore/memory.c that could cause crashes or potentially arbitrary code execution under certain conditions [2][3][4]. The attacker may achieve code execution with the privileges of the user running ImageMagick [1].

Mitigation

Ubuntu released an advisory (USN-4192-1) on 2019-07-05 recommending updating imagemagick packages to the latest version for Ubuntu 19.10 (eoan) and other supported releases [1]. The upstream fix is available in commit f595a1985233c399a05c0c37cc41de16a90dd025, which adds proper cleanup of annotate_info, annotate, and textlist resources before returning from AnnotateImage on error [4]. Users should update to ImageMagick versions containing this commit (e.g., 7.0.8-50 or later). As a workaround, avoid processing untrusted images with vulnerable command-line options until patched. This CVE is not known to be listed in CISA's Known Exploited Vulnerabilities catalog.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

14

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Memory leaks in AcquireMagickMemory caused by an error path in AnnotateImage that does not free allocated draw info structures."

Attack vector

An attacker provides a crafted ImageMagick command line that triggers the AnnotateImage code path through MontageImageList and PreviewImage. The command uses options such as "-preview" combined with "-draw" and other operators to reach the vulnerable code [ref_id=1]. The bug is triggered when AnnotateImage calls CloneDrawInfo (which allocates memory via AcquireMagickMemory) and then encounters an error, causing the allocated memory to leak [ref_id=1]. The issue is intermittent and may require multiple executions with the same arguments to reproduce [ref_id=1].

Affected code

The memory leak originates in AcquireMagickMemory at MagickCore/memory.c:478:10, called through AcquireQuantumMemory and then AcquireString and CloneString, ultimately from CloneDrawInfo at MagickCore/draw.c:310:12 [ref_id=1]. The leak is triggered when AnnotateImage at MagickCore/annotate.c:267:12 calls CloneDrawInfo and then hits an error path without freeing the allocated memory [ref_id=1]. The call chain proceeds through MontageImageList at MagickCore/montage.c:842:22 and PreviewImage at MagickCore/effect.c:2747:17 [ref_id=1].

What the fix does

No patch is included in the bundle. The advisory [ref_id=1] reports memory leaks in AcquireMagickMemory at MagickCore/memory.c:478:10, triggered through AnnotateImage at MagickCore/annotate.c:267:12 and MontageImageList at MagickCore/montage.c:842:22. The fix would need to ensure that when AnnotateImage encounters an error after calling CloneDrawInfo, the allocated draw info is properly freed before returning. Without a published patch, users should update to a version of ImageMagick newer than 7.0.8-50 where this issue may have been addressed.
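The error-path pattern described above, as an added example that is not ImageMagick's code or the upstream patch: a constructed C model in which the page's three resources (annotate, annotate_info, textlist) are acquired and then an error occurs, first with the early return that leaks them and then with a single cleanup exit. All function names, the DrawInfoModel type and the allocation counter are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model, not ImageMagick source. Variable names follow the page
   (annotate, annotate_info, textlist); every function here is hypothetical. */
static long live_allocs = 0; /* allocations not yet freed */
static void *track_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { free(p); live_allocs--; } }
typedef struct { char *text; } DrawInfoModel;

/* Stand-in for CloneDrawInfo: two allocations (struct + copied string). */
static DrawInfoModel *clone_info(const char *text) {
    DrawInfoModel *d = track_alloc(sizeof *d);
    if (d == NULL) return NULL;
    d->text = track_alloc(strlen(text) + 1);
    if (d->text == NULL) { track_free(d); return NULL; }
    strcpy(d->text, text);
    return d;
}
static void destroy_info(DrawInfoModel *d) { if (d) { track_free(d->text); track_free(d); } }

/* Leaky shape: the early error return skips all cleanup. */
int annotate_leaky(const char *text, int class_ok) {
    DrawInfoModel *annotate = clone_info(text);
    DrawInfoModel *annotate_info = clone_info(text);
    char **textlist = track_alloc(2 * sizeof *textlist);
    if (!annotate || !annotate_info || !textlist || !class_ok)
        return 0; /* leak: everything acquired above is lost */
    track_free(textlist); destroy_info(annotate_info); destroy_info(annotate);
    return 1;
}

/* Fixed shape: a single exit releases all three resources on every path. */
int annotate_fixed(const char *text, int class_ok) {
    DrawInfoModel *annotate = clone_info(text);
    DrawInfoModel *annotate_info = clone_info(text);
    char **textlist = track_alloc(2 * sizeof *textlist);
    int status = (annotate && annotate_info && textlist && class_ok) ? 1 : 0;
    track_free(textlist); destroy_info(annotate_info); destroy_info(annotate);
    return status;
}

/* Net allocations left behind by one call; 0 means no leak. */
long leaked_after(int (*fn)(const char *, int), int class_ok) {
    long before = live_allocs;
    fn("constructed label", class_ok);
    return live_allocs - before;
}
int main(void) { printf("leaky: %ld\n", leaked_after(annotate_leaky, 0)); printf("fixed: %ld\n", leaked_after(annotate_fixed, 0)); return 0; }
```

Building the same model with a leak checker such as LeakSanitizer (`-fsanitize=address`) reports the lost allocations from the leaky variant at process exit.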

Preconditions

  • input: Attacker must supply a command-line invocation of ImageMagick that reaches the AnnotateImage code path via MontageImageList and PreviewImage
  • input: The bug is intermittent and may require multiple executions of the same command to reproduce

Reproduction

Run the following command (the memory leak is triggered when ImageMagick is compiled without `--disable-shared`): `magick "-black-point-compensation" "-weight" "63" "(" "magick:logo" "-normalize" "-resize" "892%-38-49" ")" "(" "magick:wizard" "-preview" "Spiff" "-solarize" "35%" "-cycle" "813" ")" "(" "magick:granite" "-preview" "Blur" "-draw" ""rotate" "205"" "-colors" "109" ")" "-crop" "333x497" "-print" ""` [ref_id=1]. The leak may not reproduce every time, so run the command several times [ref_id=1].

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6
