ImageMagick - Memory Leak in TXT File Processing via Texture Attribute
Description
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is processed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <7.1.2-15, <6.9.13-40
Patches
Vulnerability mechanics
Root cause
"Missing release of memory allocated by ReadImage when GetTypeMetrics fails in coders/txt.c."
Attack vector
An attacker can trigger the bug by supplying a crafted TXT file that includes a texture attribute. The file is processed over a network (e.g., via ImageMagick's standard image-processing pipeline), requiring no authentication. Each time the vulnerable code path is hit, memory is leaked, which can lead to resource exhaustion [CWE-401] [ref_id=1].
Affected code
The memory leak resides in `coders/txt.c`. When a TXT file with a texture attribute is processed, a texture object is allocated via `ReadImage`, but that object is not released when `GetTypeMetrics` fails, causing memory to leak on each such invocation.
What the fix does
The advisory does not include a patch diff, but the fix (available in ImageMagick 7.1.2-15 and 6.9.13-40) ensures that the texture object allocated by `ReadImage` is properly released when `GetTypeMetrics` fails. This prevents the memory leak by guaranteeing cleanup on the error path [ref_id=1].
Preconditions
- inputThe attacker must be able to supply a TXT file with a texture attribute to an ImageMagick process.
- networkNo authentication is required; the attack can be carried out over a network.
Generated on Jun 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8mitrevendor-advisory
- www.vulncheck.com/advisories/imagemagick-memory-leak-in-txt-file-processing-via-texture-attributemitrethird-party-advisory
News mentions
0No linked articles in our index yet.