CVE-2019-13310
Description
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory due to missing DestroyImage calls in MagickWand/mogrify.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
ImageMagick 7.0.8-50 Q16 contains memory leaks in the `AcquireMagickMemory` function, triggered by missing `DestroyImage` calls in the `MagickWand/mogrify.c` file. The leaks occur during certain image operations, such as when using `-compare` with a complex command line (e.g., `magick -seed 0 -quality 3 "(" magick:logo +repage ")" "(" magick:wizard +repage ")" -quiet -caption "%h%U" -compare -insert 2 tmp`). The issue is related to the code paths in `CLIListOperatorImages` and `MogrifyImageList` that fail to free allocated image objects after errors or successful operations. [1]
Exploitation
An attacker does not need special network access or authentication; the vulnerability can be triggered by a user running a crafted ImageMagick command line. The exploit involves providing a specific sequence of image processing options (as shown in the steps to reproduce) that cause the application to leak memory. No race condition or user interaction beyond executing the command is required. The leak is reproducible with the command: `magick -seed 0 -quality 3 "(" magick:logo +repage ")" "(" magick:wizard +repage ")" -quiet -caption "%h%U" -compare -insert 2 tmp`. [1]
Impact
An attacker who can trick a user or automated system into processing a malicious command line can cause ImageMagick to exhaust available memory, leading to a denial of service (DoS). The memory leak is confirmed by AddressSanitizer (ASan) and results in a direct leak of 13,504 bytes and an indirect leak of 6,553,600 bytes (one object each) in the tested scenario. Repeated exploitation could consume significant system resources. No arbitrary code execution or data disclosure is reported. [1]
Mitigation
The issue is fixed in ImageMagick version 7.0.8-50 via commit 5f21230b657ccd65452dd3d94c5b5401ba691a2d and in ImageMagick 6 (legacy) via commit 5982632109cad48bc6dab867298fdea4dea57c51. Users should update to a patched version (7.0.8-51 or later) or apply the provided patches. The fix adds missing DestroyImage calls in MogrifyImageList and CLIListOperatorImages to properly free image objects. No workaround is available other than avoiding the vulnerable command line patterns. [2][3]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (13)
- ImageMagick/ImageMagick (source: description)
  - Range: =7.0.8-50
- osv-coords (11 versions)
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
  - pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4
- (no CPE) range: < 7.0.7.34-lp151.7.9.1
- (no CPE) range: < 7.0.7.34-lp151.7.9.1
- (no CPE) range: < 6.8.8.1-71.126.1
- (no CPE) range: < 7.0.7.34-3.67.1
- (no CPE) range: < 7.0.7.34-3.67.1
- (no CPE) range: < 7.0.7.34-3.67.1
- (no CPE) range: < 7.0.7.34-3.67.1
- (no CPE) range: < 6.8.8.1-71.126.1
- (no CPE) range: < 6.8.8.1-71.126.1
- (no CPE) range: < 6.8.8.1-71.126.1
- (no CPE) range: < 6.8.8.1-71.126.1
Patches (0)
No patches discovered yet.
Vulnerability mechanics
Root cause
"Memory allocated during `CompareImages` → `ExtentImage` → `CloneImage` is not properly freed, causing leaks at `AcquireMagickMemory`."
Attack vector
An attacker can trigger the memory leaks by supplying a crafted command-line invocation to ImageMagick. The reproducer uses `magick -seed 0 -quality 3 "(" magick:logo +repage ")" "(" magick:wizard +repage ")" -quiet -caption "%h%U" -compare -insert 2 tmp` [ref_id=1]. This command causes multiple allocations (direct and indirect) through `CompareImages` → `ExtentImage` → `CloneImage` that are never freed, as shown by the ASAN output [ref_id=1]. No authentication or special privileges are required; the attacker only needs to deliver the malicious command to a victim's ImageMagick installation.
Affected code
The memory leaks originate in `MagickCore/memory.c` at `AcquireMagickMemory` (line 478) and propagate through `CloneImage` in `MagickCore/image.c`, `ExtentImage` in `MagickCore/transform.c`, and `CompareImages` in `MagickCore/compare.c`. The call chain reaches `CLIListOperatorImages` in `MagickWand/operation.c` and `MagickCommandGenesis` in `MagickWand/mogrify.c` [ref_id=1].
What the fix does
The advisory does not include a patch or describe a specific fix. The issue was reported on the ImageMagick GitHub tracker and is described as "memory leaks is detected at AcquireMagickMemory" [ref_id=1]. No remediation guidance or commit is provided in the available bundle; the reporter notes the issue "maybe related with #1604" [ref_id=1].
Preconditions
- input: The attacker must be able to execute the ImageMagick `magick` command with the crafted arguments.
- auth: No authentication or special privileges are required beyond local or remote command execution capability.
Reproduction
Run the following command with AddressSanitizer enabled: `magick -seed 0 -quality 3 "(" magick:logo +repage ")" "(" magick:wizard +repage ")" -quiet -caption "%h%U" -compare -insert 2 tmp` [ref_id=1]. The ASAN output will report multiple direct and indirect memory leaks originating at `AcquireMagickMemory` in `MagickCore/memory.c:478` [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (5)
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html (mitre, vendor-advisory, x_refsource_SUSE)
- usn.ubuntu.com/4192-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- github.com/ImageMagick/ImageMagick/commit/5f21230b657ccd65452dd3d94c5b5401ba691a2d (mitre, x_refsource_MISC)
- github.com/ImageMagick/ImageMagick/issues/1616 (mitre, x_refsource_MISC)
- github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51 (mitre, x_refsource_MISC)