CVE-2019-16709
Description
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c via XCreateImage, potentially causing denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c via XCreateImage, potentially causing denial of service.
Vulnerability
ImageMagick version 7.0.8-35 contains a memory leak in coders/dps.c when using XCreateImage. The leak occurs due to improper memory deallocation when processing certain image files, as demonstrated in the referenced issue [2]. This affects the DPS (Display PostScript) coder, which is used to handle specific image formats.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious image file and convincing a user to process it with ImageMagick (e.g., using the convert command). The attack requires no authentication but does rely on user interaction. As shown in [2], running magick convert <crafted_file> output.x and then closing the ImageMagick windows triggers the memory leak, which can be repeated to exhaust system resources.
Impact
Successful exploitation leads to a memory leak, gradually consuming available memory. This can result in denial of service (DoS) by exhausting system resources, potentially causing the application or system to become unresponsive. No code execution or privilege escalation is reported for this specific issue.
Mitigation
Update ImageMagick to a version newer than 7.0.8-35. For Ubuntu systems, refer to the security advisory [1] which provides updated packages (e.g., for Ubuntu 19.10 eoan, update to the appropriate version). No workaround is available; applying the patch from the vendor is recommended.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
21- ImageMagick/ImageMagickdescription
- Range: =7.0.8-35
- osv-coords19 versionspkg:rpm/opensuse/GraphicsMagick&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/GraphicsMagick&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 1.3.29-lp151.4.9.1+ 18 more
- (no CPE)range: < 1.3.29-lp151.4.9.1
- (no CPE)range: < 1.3.29-lp151.4.9.1
- (no CPE)range: < 7.0.7.34-lp150.2.41.1
- (no CPE)range: < 7.0.7.34-lp151.7.12.1
- (no CPE)range: < 1.3.29-bp151.5.6.1
- (no CPE)range: < 1.3.29-bp151.5.6.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Memory leak in coders/dps.c when XCreateImage allocates memory that is never freed during image conversion."
Attack vector
An attacker triggers the vulnerability by providing a crafted image file (e.g., the "Memory-Leak-2" sample) and running ImageMagick's convert command to write it to an X output format (output.x). The conversion path calls XCreateImage via coders/dps.c, which allocates memory that is never released, causing a memory leak [ref_id=1]. No authentication or special network access is required — the attacker only needs to supply a malicious image to the local convert utility.
Affected code
The memory leak occurs in coders/dps.c, as demonstrated by the XCreateImage call path [ref_id=1]. The leak is also reachable through MagickCore/xwindow.c:5733 (XMakeImage), MagickCore/display.c:4449 (XConfigureImage), and coders/x.c:202 (WriteXImage) [ref_id=1].
What the fix does
The issue report does not include a patch. The advisory [ref_id=1] identifies the leak in coders/dps.c via XCreateImage, but no fix is published in the referenced materials. Remediation would require ensuring that the XImage structure allocated by XCreateImage is properly freed after use in the DPS coder's write path.
Preconditions
- inputAttacker must supply a crafted image file (e.g., the 'Memory-Leak-2' sample)
- inputVictim must run ImageMagick's convert command to write the image to an X output format
Reproduction
1. Obtain the "Memory-Leak-2" sample image from the referenced issue. 2. Run: `/usr/local/bin/magick convert Memory-Leak-2 output.x` 3. Close the ImageMagick windows that appear. 4. The AddressSanitizer output will show a direct leak of 136 bytes and an indirect leak of 48000 bytes from XCreateImage [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-10/msg00046.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.htmlmitrevendor-advisoryx_refsource_SUSE
- usn.ubuntu.com/4192-1/mitrevendor-advisoryx_refsource_UBUNTU
- github.com/ImageMagick/ImageMagick/issues/1531mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.