CVE-2019-16713
Description
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c triggered via PingImage, leading to denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c triggered via PingImage, leading to denial of service.
Vulnerability
ImageMagick 7.0.8-43 contains a memory leak in the ReadDOTImage function within coders/dot.c. The leak is triggered when processing a specially crafted DOT image file, as demonstrated by the PingImage function in MagickCore/constitute.c [2]. The stack trace shows that memory allocated via AcquireImage at line 129 of coders/dot.c is not freed, resulting in a direct leak of 13,504 bytes per invocation [2]. The issue affects ImageMagick version 7.0.8-43 and possibly earlier versions.
Exploitation
An attacker can exploit this vulnerability by providing a malicious DOT image file to any ImageMagick tool that processes images, such as magick identify. No authentication or special privileges are required; the attack relies on user interaction (e.g., tricking a user into opening the file with an ImageMagick utility). Repeated processing of the crafted file causes the memory leak to accumulate, eventually exhausting system memory [2].
Impact
Successful exploitation results in memory exhaustion, leading to a denial of service condition. The Ubuntu security advisory [1] notes that other ImageMagick vulnerabilities may allow code execution, but this specific CVE is limited to a memory leak; no code execution or privilege escalation has been demonstrated for this issue.
Mitigation
The memory leak is fixed in ImageMagick versions after 7.0.8-43. Ubuntu released updated packages in USN-4192-1 [1] for Ubuntu 19.10 and other supported releases. Users should update to the latest ImageMagick package version. No workaround is available other than avoiding the processing of untrusted DOT files.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
17- ImageMagick/ImageMagickdescription
- Range: = 7.0.8-43
- osv-coords15 versionspkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 7.0.7.34-lp150.2.41.1+ 14 more
- (no CPE)range: < 7.0.7.34-lp150.2.41.1
- (no CPE)range: < 7.0.7.34-lp151.7.12.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 7.0.7.34-3.72.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
- (no CPE)range: < 6.8.8.1-71.131.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing deallocation of an image object allocated by AcquireImage in ReadDOTImage leads to a memory leak."
Attack vector
An attacker provides a crafted DOT file as input to the `magick identify` command. When `ReadDOTImage` in `coders/dot.c` processes the file, it allocates memory via `AcquireImage` but fails to release that allocation on certain code paths, causing a memory leak [ref_id=1]. Repeatedly invoking the identify command on such a file will exhaust available memory, leading to a denial-of-service condition. No special network access or authentication is required; the attacker only needs to supply the malicious file to the ImageMagick utility.
Affected code
The memory leak occurs in `coders/dot.c` in the `ReadDOTImage` function, specifically at line 129 where `AcquireImage` allocates an image that is never freed on certain error or early-return paths. The call chain is triggered via `PingImage` in `MagickCore/constitute.c` (line 269) and ultimately `IdentifyImageCommand` in `MagickWand/identify.c` [ref_id=1].
What the fix does
The issue report [ref_id=1] does not include a patch or fix commit. The advisory describes the leak as occurring in `ReadDOTImage` when `AcquireImage` allocates memory that is not freed before the function returns. To remediate, the ImageMagick maintainers would need to ensure that the allocated image object is properly destroyed (e.g., via `DestroyImage`) on all error and early-return paths within `ReadDOTImage`. As of the report date, no fix has been published in the referenced issue.
Preconditions
- inputAttacker must supply a crafted DOT file as input to the `magick identify` command.
- configThe target system must have ImageMagick 7.0.8-43 installed and run the identify command on the attacker-controlled file.
Reproduction
Run the command: `/usr/local/bin/magick identify
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.htmlmitrevendor-advisoryx_refsource_SUSE
- usn.ubuntu.com/4192-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4712mitrevendor-advisoryx_refsource_DEBIAN
- github.com/ImageMagick/ImageMagick/issues/1558mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.