CVE-2019-16711
Description
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c, potentially causing denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c, potentially causing denial of service.
Vulnerability
A memory leak exists in ImageMagick 7.0.8-40 in the Huffman2DEncodeImage function in coders/ps2.c. The leak occurs when using the composite command to write PS2 format images. The issue was reported via a GitHub issue with steps to reproduce using two input files and outputting to a .ps2 file [1].
Exploitation
An attacker can trigger the memory leak by providing specially crafted input images to the magick composite command. No authentication or special privileges are required if the application processes user-supplied images. The leak is demonstrated using AddressSanitizer, which detects a direct leak of 13024 bytes [1].
Impact
Successful exploitation leads to progressive memory exhaustion, potentially causing a denial of service (DoS) or crash of the ImageMagick process. This could impact availability of services relying on ImageMagick for image processing [1].
Mitigation
No patch or fixed version is mentioned in the available reference [1]. Users should avoid processing untrusted PS2 images until a fix is applied. Upgrading to a later version of ImageMagick that includes a fix is recommended.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
17- ImageMagick/ImageMagickdescription
- Range: = 7.0.8-40
- osv-coords15 versionspkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 7.0.7.34-lp150.2.41.1+ 14 more
- (no CPE)range: < 7.0.7.34-lp150.2.41.1
- (no CPE)range: < 7.0.7.34-lp151.7.12.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing deallocation of cloned image info in Huffman2DEncodeImage causes a memory leak."
Attack vector
An attacker provides two specially crafted image files as inputs to the `magick composite` command, which triggers the `WritePS2Image` code path that calls `Huffman2DEncodeImage` [ref_id=1]. No authentication or special privileges are required beyond the ability to supply image files to the ImageMagick utility. Each invocation of the vulnerable function leaks 13,024 bytes of heap memory, and repeated processing can exhaust available memory [ref_id=1].
Affected code
The memory leak occurs in `Huffman2DEncodeImage` in `coders/ps2.c` at line 207 [ref_id=1]. The function calls `CloneImageInfo` (which allocates memory via `AcquireImageInfo` and `AcquireMagickMemory`) but does not free the cloned image info before returning, causing a leak of 13,024 bytes per invocation [ref_id=1].
What the fix does
The issue report [ref_id=1] identifies the memory leak but does not include a patch or fix commit. The remediation would require freeing the `image_info` object allocated by `CloneImageInfo` at line 207 of `coders/ps2.c` after it is no longer needed in `Huffman2DEncodeImage`. As of the report, no fix has been published for version 7.0.8-40.
Preconditions
- inputAttacker must supply two image files as inputs to the `magick composite` command
- inputThe output format must be PS2 (PostScript Level 2)
Reproduction
Run the following command with two crafted input files (available from the linked testcase archive): `/usr/local/bin/magick composite Memory-Leak-input1 Memory-Leak-input2 output.ps2` [ref_id=1]. The AddressSanitizer output confirms a direct leak of 13,024 bytes in `Huffman2DEncodeImage` at `coders/ps2.c:207` [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.htmlmitrevendor-advisoryx_refsource_SUSE
- usn.ubuntu.com/4192-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4712mitrevendor-advisoryx_refsource_DEBIAN
- github.com/ImageMagick/ImageMagick/issues/1542mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.