CVE-2019-16712
Description
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage when writing PS3 images, leading to potential denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage when writing PS3 images, leading to potential denial of service.
Vulnerability
ImageMagick 7.0.8-43 contains a memory leak in the Huffman2DEncodeImage function within coders/ps3.c, triggered during the WritePS3Image operation. This leak occurs when processing composite image commands that produce PS3 output. The issue was detected using AddressSanitizer and confirmed via a provided testcase [1].
Exploitation
An attacker can exploit this vulnerability by crafting input images and executing the magick composite command to output a PS3 file. The leak is triggered without requiring any special privileges beyond the ability to run ImageMagick and supply image files. The provided reproduction command is: /usr/local/bin/magick composite input1 input2 output.ps3 [1].
Impact
Successful exploitation results in a memory leak, leading to gradual memory exhaustion. Repeated exploitation can cause denial of service due to system resource depletion. No other impact (such as code execution or information disclosure) is reported [1].
Mitigation
As of the published date (2019-09-23), no patch was available in the referenced sources. Users are advised to avoid processing PS3 output files or restrict usage of the ps3 coder. Upgrading to a later version of ImageMagick that may have addressed this issue is recommended, though the specific fixed version is not identified in the available reference [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
17- ImageMagick/ImageMagickdescription
- Range: = 7.0.8-43
- osv-coords15 versionspkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 7.0.7.34-lp150.2.41.1+ 14 more
- (no CPE)range: < 7.0.7.34-lp150.2.41.1
- (no CPE)range: < 7.0.7.34-lp151.7.12.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing deallocation of an ImageInfo structure allocated by CloneImageInfo in Huffman2DEncodeImage causes a memory leak."
Attack vector
An attacker triggers the bug by providing crafted input images to the `composite` command with a `.ps3` output format, e.g. `/usr/local/bin/magick composite input1 input2 output.ps3` [ref_id=1]. The `WritePS3Image` function calls `Huffman2DEncodeImage`, which calls `CloneImageInfo` to allocate memory that is never freed [ref_id=1]. Repeated invocations cause the memory leak to accumulate, potentially exhausting system memory.
Affected code
The memory leak occurs in `Huffman2DEncodeImage` in `coders/ps3.c` at line 223, called from `WritePS3Image` at line 1343 [ref_id=1]. The function `CloneImageInfo` allocates memory via `AcquireImageInfo` but the allocated `ImageInfo` structure is never freed on the code path that leads to the leak [ref_id=1].
What the fix does
The issue report does not include a patch or fix [ref_id=1]. The remediation would require freeing the `ImageInfo` object allocated by `CloneImageInfo` in `Huffman2DEncodeImage` (or its caller `WritePS3Image`) after use, or restructuring the code to avoid the allocation entirely. No official fix is shown in the provided bundle.
Preconditions
- inputAttacker must supply input image files that trigger the PS3 encoder path
- inputThe victim must run ImageMagick's `composite` command (or any command that calls WritePS3Image) with a .ps3 output
Reproduction
Run the command: `/usr/local/bin/magick composite input1 input2 output.ps3` with crafted input images [ref_id=1]. The testcase is available at https://github.com/butterflyhack/pocs/blob/master/memory-leaks-2.zip [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3- lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.htmlmitrevendor-advisoryx_refsource_SUSE
- github.com/ImageMagick/ImageMagick/issues/1557mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.