CVE-2019-16708
Description
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c via XCreateImage, leading to resource exhaustion.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c via XCreateImage, leading to resource exhaustion.
Vulnerability
ImageMagick version 7.0.8-35 contains a memory leak in the magick/xwindow.c file, specifically in the XCreateImage function [1]. The leak occurs when the convert command writes an image to an X11 output format (e.g., output.x). The code path involves XMakeImage, XConfigureImage, and XDisplayImage, which allocate memory that is not properly freed, resulting in a cumulative memory leak of 48136 bytes per operation [1].
Exploitation
An attacker can trigger the memory leak by providing a crafted image file and running the ImageMagick convert command with an X11 output target (e.g., magick convert input output.x) [1]. No authentication or special privileges are required; the attacker only needs to convince a user to process a malicious image file. The leak is reproducible on Linux systems and does not require any race condition or user interaction beyond executing the command [1].
Impact
Successful exploitation leads to a memory leak that can exhaust system resources over repeated invocations, potentially causing a denial-of-service condition [1]. The leak is per-operation, so an attacker who can repeatedly trigger the conversion can degrade system performance or cause the application to crash due to memory exhaustion.
Mitigation
As of the publication date (2019-09-23), no official patch has been released for this issue [1]. Users are advised to avoid using X11 output formats (e.g., .x) if not necessary, or to monitor the ImageMagick project for updates that address the memory leak. Upgrading to a version newer than 7.0.8-35 may include a fix, but the reference does not specify a fixed version [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
17- ImageMagick/ImageMagickdescription
- Range: = 7.0.8-35
- osv-coords15 versionspkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 7.0.7.34-lp150.2.41.1+ 14 more
- (no CPE)range: < 7.0.7.34-lp150.2.41.1
- (no CPE)range: < 7.0.7.34-lp151.7.12.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Memory leak in XCreateImage when processing XWD output files — allocated image data is never freed."
Attack vector
An attacker provides a crafted image file (e.g., a specially constructed XWD file) that triggers the ImageMagick display or convert pipeline. When the tool writes the image to an X11 output (via `WriteXImage` → `XDisplayImage` → `XConfigureImage` → `XMakeImage`), the `XCreateImage` call allocates memory that is never released [ref_id=1]. The leak occurs during normal image processing without requiring any special privileges beyond the ability to supply a malicious image file.
Affected code
The memory leak occurs in `magick/xwindow.c` at the `XMakeImage` function (line 5733), which calls `XCreateImage` without freeing the allocated memory [ref_id=1]. The call chain flows through `magick/display.c` (`XConfigureImage` at line 4449, `XDisplayImage` at line 15069) and `coders/x.c` (`WriteXImage` at line 202).
What the fix does
No patch is included in the bundle. The advisory [ref_id=1] identifies the leak in `magick/xwindow.c` related to `XCreateImage`, with the call chain showing allocations in `XMakeImage` (xwindow.c:5733) that are not freed. The remediation would require ensuring that the `XImage` structure and its data buffer returned by `XCreateImage` are properly deallocated (e.g., via `XDestroyImage`) after use in the display/output codepath.
Preconditions
- inputAttacker supplies a crafted image file that triggers the X11 output codepath.
- networkNo network access required; the attack is local file-based.
Reproduction
1. Create an empty output file: `touch output.x` 2. Run: `/usr/local/bin/magick convert Memory-Leak-2 output.x` 3. Close the ImageMagick windows that appear. 4. The AddressSanitizer report shows 48,136 bytes leaked in 2 allocations from `XCreateImage` and `XMakeImage` [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.htmlmitrevendor-advisoryx_refsource_SUSE
- usn.ubuntu.com/4192-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4712mitrevendor-advisoryx_refsource_DEBIAN
- github.com/ImageMagick/ImageMagick/issues/1531mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.