CVE Reports
Posted on • Originally published at cvereports.com

GHSA-QP59-X883-77QV: Leaking Bytes in the Fast Lane: ImageMagick OpenCL DoS

Vulnerability ID: GHSA-QP59-X883-77QV
CVSS Score: 6.5
Published: 2026-01-21

A memory leak vulnerability in ImageMagick's OpenCL device benchmark loader allows attackers to exhaust system resources via malformed XML profiles.

TL;DR

ImageMagick's opencl.c fails to properly free allocated string members within a struct when parsing malformed OpenCL device profile XMLs. While the struct container is freed, the internal pointers remain allocated, leading to a memory leak. Repeated triggering can cause Denial of Service (DoS) via OOM.
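The leak pattern described above, reduced to a self-contained C program. This is an added example, not ImageMagick's code: track_alloc, track_free, Benchmark, load_truncated and the vendor_name and name fields are hypothetical stand-ins, and the sample strings are constructed. It counts the allocations left behind when only the container is released, compared with releasing the members first.

```c
/* Constructed illustration of the CWE-401 pattern; not ImageMagick source. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SLOTS 16
static void *live[SLOTS];              /* allocations not yet released */
static int live_n;                     /* how many slots are in use */
static void *track_alloc(size_t n) {
    for (int i = 0; i < SLOTS; i++)
        if (live[i] == NULL) { live[i] = calloc(1, n); live_n += (live[i] != NULL); return live[i]; }
    return NULL;                       /* tracking table full */
}
static void *track_free(void *p) {     /* frees p, always returns NULL */
    for (int i = 0; p != NULL && i < SLOTS; i++)
        if (live[i] == p) { live[i] = NULL; live_n--; free(p); break; }
    return NULL;
}
static char *dup_str(const char *s) {
    char *d = track_alloc(strlen(s) + 1);
    if (d != NULL) strcpy(d, s);
    return d;
}
typedef struct { char *platform_name, *vendor_name, *name; } Benchmark; /* last two hypothetical */

/* Fill part of a record as if the profile ended mid-entry, then clean up.
   Returns how many allocations made here are still live afterwards. */
static int load_truncated(int free_members) {
    int before = live_n;
    Benchmark *b = track_alloc(sizeof(*b));
    if (b == NULL) return -1;
    b->platform_name = dup_str("ExamplePlatform");   /* constructed values */
    b->vendor_name = dup_str("ExampleVendor");
    if (free_members) {                /* hardened: release members first */
        b->platform_name = track_free(b->platform_name);
        b->vendor_name = track_free(b->vendor_name);
        b->name = track_free(b->name); /* NULL member is a no-op */
    }
    track_free(b);                     /* container; members now unreachable */
    return live_n - before;
}
static void reclaim_all(void) {        /* demo teardown only */
    for (int i = 0; i < SLOTS; i++) track_free(live[i]);
}
int main(void) {
    printf("container only: %d leaked\n", load_truncated(0));
    printf("members first:  %d leaked\n", load_truncated(1));
    reclaim_all();
    return 0;
}
```

Each call that takes the container-only path strands two strings, which is why repeated parsing of malformed profiles grows memory without bound.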


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-401 (Memory Leak)
  • Attack Vector: Local / Network (File Context)
  • CVSS: 6.5 (Medium)
  • Impact: Denial of Service (DoS)
  • Component: OpenCL Device Benchmark Loader
  • Exploit Status: PoC Available

Affected Systems

  • ImageMagick: 7.1.2-12 and earlier (Fixed in: 7.1.2-13)
  • Magick.NET: prior to 14.10.2 (Fixed in: 14.10.2)

Code Analysis

Commit: a52c1b4

Fix memory leak in LoadOpenCLDeviceBenchmark

@@ -908,6 +908,12 @@
     token=(char *) RelinquishMagickMemory(token);
+    if (device_benchmark != (MagickCLDeviceBenchmark *) NULL)
+      {
+        if (device_benchmark->platform_name != (char *) NULL)
+          device_benchmark->platform_name=RelinquishMagickMemory(
+            device_benchmark->platform_name);
+        /* ... repeated for other members ... */
+      }
     device_benchmark=(MagickCLDeviceBenchmark *) RelinquishMagickMemory(
       device_benchmark);
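
Review bot: the added assignment device_benchmark->platform_name=RelinquishMagickMemory( drops the (char *) cast that the neighbouring token and device_benchmark assignments use, and the "/* ... repeated for other members ... */" line hides which members are actually released, so the fix cannot be checked for completeness from this hunk. List every string member explicitly, keep the cast for consistency with the surrounding code, and consider moving the per-member cleanup into a single helper so that any other place that relinquishes device_benchmark releases the same set of members.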

Exploit Details

  • GitHub: Reproduction details and ASAN output provided by reporters.

Mitigation Strategies

  • Update ImageMagick to version 7.1.2-13 or higher.
  • Disable OpenCL functionality if not required.
  • Restrict write access to the ImageMagick cache directory.

Remediation Steps:

  1. Check the current version: magick --version
  2. Install the patched release via your package manager (e.g., apt-get install imagemagick or brew upgrade imagemagick).
  3. Alternatively, set MAGICK_OCL_DEVICE=OFF in the environment to bypass OpenCL initialization entirely.
