ImageMagick has a Heap Overflow when writing extremely large image profile in the PNG encoder

Vulnerability

Overview ImageMagick, a widely used open-source image processing suite, contains a heap buffer overflow vulnerability in its PNG encoder. When an image with an extremely large profile is encoded to PNG, the software fails to properly handle the memory allocation, leading to a heap overflow [1][2][3][4]. This issue affects versions prior to 7.1.2-16 and 6.9.13-41.

Exploitation

An attacker can exploit this vulnerability by providing a crafted image file containing an oversized profile. The attack requires no special privileges beyond the ability to supply an image for processing, and user interaction is minimal (e.g., opening the file or triggering an automated conversion). The overflow occurs during the encoding phase, which can be triggered remotely if the application processes user-supplied images [4].

Impact

Successful exploitation could allow an attacker to corrupt memory, potentially leading to arbitrary code execution or denial of service. The heap overflow may overwrite adjacent data structures, enabling control flow hijacking. Given ImageMagick's use in web services, content management systems, and automated pipelines, this vulnerability poses a significant risk [3][4].

Mitigation

The vulnerability has been patched in ImageMagick versions 7.1.2-16 and 6.9.13-41. Users are strongly advised to update immediately. For those unable to upgrade, implementing strict security policies to limit image profile sizes may reduce risk, but patching is the recommended course of action [1][2].