CVE-2019-17547
Description
A use-after-free vulnerability in ImageMagick's TraceBezier function allows potential memory corruption before version 7.0.8-62.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A use-after-free vulnerability in ImageMagick's TraceBezier function allows potential memory corruption before version 7.0.8-62.
Vulnerability
A use-after-free vulnerability exists in the TraceBezier function in MagickCore/draw.c of ImageMagick before version 7.0.8-62 [2]. The bug occurs because the pointer primitive_info is dereferenced after it is reassigned to (*mvg_info->primitive_info)+mvg_info->offset, but a prior AcquireQuantumMemory call could fail and free the underlying memory, leaving the pointer dangling [2]. The fixed version addresses this by re-ordering operations to ensure primitive_info is only used after the memory allocation check [2].
Exploitation
An attacker would need to supply a crafted input file (e.g., an SVG or MVG image) that triggers the vulnerable code path in TraceBezier [1]. No special network position is required; exploitation can occur when a user or automated service processes the malicious image using the vulnerable ImageMagick version [1]. The attack likely requires no authentication, as ImageMagick often runs as a background service or is invoked by user processes.
Impact
Successful exploitation could lead to memory corruption, potentially resulting in a denial of service (crash) or arbitrary code execution [1][2]. The impact depends on the attacker's ability to control the freed memory contents after the use-after-free [2]. The vulnerability affects the CIA triad primarily through availability (denial of service) and potentially confidentiality and integrity if code execution is achieved [1].
Mitigation
The vulnerability is fixed in ImageMagick version 7.0.8-62 [1][2]. Users should update to this version or later. No workarounds are available; however, users can mitigate risk by ensuring that ImageMagick processes only trusted image files. This CVE is not listed on the CISA KEV catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6- ImageMagick/ImageMagickdescription
- Range: <7.0.8-62
- osv-coords4 versionspkg:apk/chainguard/imagemagick-6pkg:apk/chainguard/imagemagick-6-devpkg:apk/chainguard/imagemagick-6-docpkg:apk/chainguard/imagemagick-6-static
< 0+ 3 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
21 file changed · +1 −1
ChangeLog+1 −1 modified@@ -1,5 +1,5 @@ 2019-08-23 7.0.8-62 Cristy <quetzlzacatenango@image...> - * Release ImageMagick version 7.0.8-62, GIT revision 16058:6f21580:20190823. + * Release ImageMagick version 7.0.8-62, GIT revision 16061:7525595:20190823. 2019-08-23 7.0.8-62 Dirk Lemstra <dirk@lem.....org> * Added option to limit the maximum point size with -define
1 file changed · +2 −1
MagickCore/draw.c+2 −1 modified@@ -6159,8 +6159,8 @@ static MagickBooleanType TraceBezier(MVGInfo *mvg_info, quantum=(size_t) alpha; } } - quantum=MagickMin(quantum/number_coordinates,BezierQuantum); primitive_info=(*mvg_info->primitive_info)+mvg_info->offset; + quantum=MagickMin(quantum/number_coordinates,BezierQuantum); coefficients=(double *) AcquireQuantumMemory(number_coordinates, sizeof(*coefficients)); points=(PointInfo *) AcquireQuantumMemory(quantum,number_coordinates* @@ -6182,6 +6182,7 @@ static MagickBooleanType TraceBezier(MVGInfo *mvg_info, coefficients=(double *) RelinquishMagickMemory(coefficients); return(MagickFalse); } + primitive_info=(*mvg_info->primitive_info)+mvg_info->offset; /* Compute bezier points. */
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3- bugs.chromium.org/p/oss-fuzz/issues/detailmitrex_refsource_MISC
- github.com/ImageMagick/ImageMagick/commit/ecf7c6b288e11e7e7f75387c5e9e93e423b98397mitrex_refsource_MISC
- github.com/ImageMagick/ImageMagick/compare/7.0.8-51...7.0.8-62mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.