Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-cfh4-9f7v-fhrc: ImageMagick has a Memory Leak in magick stream

Summary

In ImageMagick’s magick stream command, specifying multiple consecutive %d format specifiers in a filename template causes a memory leak.

Details

  • Vulnerability Type: Memory leak
  • Affected Version: ImageMagick 7.1.1-47 (as of commit 82572afc, June 2025)

Reproduction

Tested Environment

  • Operating System: Ubuntu 22.04 LTS
  • Architecture: x86_64
  • Compiler: gcc with AddressSanitizer (gcc version: 11.4.0)

Reproduction Steps

# Clone source
git clone --depth 1 --branch 7.1.1-47 https://github.com/ImageMagick/ImageMagick.git ImageMagick-7.1.1
cd ImageMagick-7.1.1

# Build with ASan
CFLAGS="-g -O0 -fsanitize=address -fno-omit-frame-pointer" CXXFLAGS="$CFLAGS" LDFLAGS="-fsanitize=address" ./configure --enable-maintainer-mode --enable-shared && make -j$(nproc) && make install

# Trigger crash
./utilities/magick stream %d%d a a

Output

$ magick stream %d%d a a
stream: no decode delegate for this image format `' @ error/constitute.c/ReadImage/746.
stream: missing an image filename `a' @ error/stream.c/StreamImageCommand/755.

=================================================================
==114==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 152 byte(s) in 1 object(s) allocated from:
    #0 0x7fc4ebe58887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x7fc4eb563c5c in AcquireMagickMemory MagickCore/memory.c:559
    #2 0x7fc4eb563c82 in AcquireCriticalMemory MagickCore/memory.c:635
    #3 0x7fc4eb60c2be in AcquireQuantumInfo MagickCore/quantum.c:119
    #4 0x7fc4eb6b6621 in StreamImage MagickCore/stream.c:1335
    #5 0x7fc4eb09d889 in StreamImageCommand MagickWand/stream.c:292
    #6 0x7fc4eaf1295d in MagickCommandGenesis MagickWand/magick-cli.c:177
    #7 0x55a34f7c0a0c in MagickMain utilities/magick.c:153
    #8 0x55a34f7c0cba in main utilities/magick.c:184
    #9 0x7fc4ea38fd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7fc4ebe5957c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
    #1 0x7fc4eb680e2f in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7fc4eb680f30 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7fc4eb60d38d in GetQuantumInfo MagickCore/quantum.c:435
    #4 0x7fc4eb60c30e in AcquireQuantumInfo MagickCore/quantum.c:121
    #5 0x7fc4eb6b6621 in StreamImage MagickCore/stream.c:1335
    #6 0x7fc4eb09d889 in StreamImageCommand MagickWand/stream.c:292
    #7 0x7fc4eaf1295d in MagickCommandGenesis MagickWand/magick-cli.c:177
    #8 0x55a34f7c0a0c in MagickMain utilities/magick.c:153
    #9 0x55a34f7c0cba in main utilities/magick.c:184
    #10 0x7fc4ea38fd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: 216 byte(s) leaked in 2 allocation(s).

Commits

Fixed in https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c and https://github.com/ImageMagick/ImageMagick6/commit/d49460522669232159c2269fa64f73ed30555c1b

ghsa
Open in Source
#vulnerability#ubuntu#linux#git#c++
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2025-53019

ImageMagick has a Memory Leak in magick stream

Low severity GitHub Reviewed Published Jul 13, 2025 in ImageMagick/ImageMagick • Updated Aug 25, 2025

Package

nuget Magick.NET-Q16-AnyCPU (NuGet)

Affected versions

< 14.7.0

nuget Magick.NET-Q16-HDRI-AnyCPU (NuGet)

nuget Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet)

nuget Magick.NET-Q16-HDRI-OpenMP-x64 (NuGet)

nuget Magick.NET-Q16-HDRI-arm64 (NuGet)

nuget Magick.NET-Q16-HDRI-x64 (NuGet)

nuget Magick.NET-Q16-HDRI-x86 (NuGet)

nuget Magick.NET-Q16-OpenMP-arm64 (NuGet)

nuget Magick.NET-Q16-OpenMP-x64 (NuGet)

nuget Magick.NET-Q16-arm64 (NuGet)

nuget Magick.NET-Q16-x64 (NuGet)

nuget Magick.NET-Q16-x86 (NuGet)

nuget Magick.NET-Q8-AnyCPU (NuGet)

nuget Magick.NET-Q8-OpenMP-arm64 (NuGet)

nuget Magick.NET-Q8-OpenMP-x64 (NuGet)

nuget Magick.NET-Q8-arm64 (NuGet)

nuget Magick.NET-Q8-x64 (NuGet)

nuget Magick.NET-Q8-x86 (NuGet)

Summary

In ImageMagick’s magick stream command, specifying multiple consecutive %d format specifiers in a filename template causes a memory leak.

Details

  • Vulnerability Type: Memory leak
  • Affected Version: ImageMagick 7.1.1-47 (as of commit 82572afc, June 2025)

Reproduction****Tested Environment

  • Operating System: Ubuntu 22.04 LTS
  • Architecture: x86_64
  • Compiler: gcc with AddressSanitizer (gcc version: 11.4.0)

Reproduction Steps

Clone source

git clone --depth 1 --branch 7.1.1-47 https://github.com/ImageMagick/ImageMagick.git ImageMagick-7.1.1 cd ImageMagick-7.1.1

Build with ASan

CFLAGS="-g -O0 -fsanitize=address -fno-omit-frame-pointer" CXXFLAGS="$CFLAGS" LDFLAGS="-fsanitize=address" ./configure --enable-maintainer-mode --enable-shared && make -j$(nproc) && make install

Trigger crash

./utilities/magick stream %d%d a a

Output

$ magick stream %d%d a a
stream: no decode delegate for this image format `' @ error/constitute.c/ReadImage/746.
stream: missing an image filename `a' @ error/stream.c/StreamImageCommand/755.

=================================================================
==114==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 152 byte(s) in 1 object(s) allocated from:
    #0 0x7fc4ebe58887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x7fc4eb563c5c in AcquireMagickMemory MagickCore/memory.c:559
    #2 0x7fc4eb563c82 in AcquireCriticalMemory MagickCore/memory.c:635
    #3 0x7fc4eb60c2be in AcquireQuantumInfo MagickCore/quantum.c:119
    #4 0x7fc4eb6b6621 in StreamImage MagickCore/stream.c:1335
    #5 0x7fc4eb09d889 in StreamImageCommand MagickWand/stream.c:292
    #6 0x7fc4eaf1295d in MagickCommandGenesis MagickWand/magick-cli.c:177
    #7 0x55a34f7c0a0c in MagickMain utilities/magick.c:153
    #8 0x55a34f7c0cba in main utilities/magick.c:184
    #9 0x7fc4ea38fd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Indirect leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7fc4ebe5957c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
    #1 0x7fc4eb680e2f in AcquireSemaphoreMemory MagickCore/semaphore.c:154
    #2 0x7fc4eb680f30 in AcquireSemaphoreInfo MagickCore/semaphore.c:200
    #3 0x7fc4eb60d38d in GetQuantumInfo MagickCore/quantum.c:435
    #4 0x7fc4eb60c30e in AcquireQuantumInfo MagickCore/quantum.c:121
    #5 0x7fc4eb6b6621 in StreamImage MagickCore/stream.c:1335
    #6 0x7fc4eb09d889 in StreamImageCommand MagickWand/stream.c:292
    #7 0x7fc4eaf1295d in MagickCommandGenesis MagickWand/magick-cli.c:177
    #8 0x55a34f7c0a0c in MagickMain utilities/magick.c:153
    #9 0x55a34f7c0cba in main utilities/magick.c:184
    #10 0x7fc4ea38fd8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: 216 byte(s) leaked in 2 allocation(s).

Commits

Fixed in ImageMagick/ImageMagick@fc3ab08 and ImageMagick/ImageMagick6@d494605

References

  • GHSA-cfh4-9f7v-fhrc
  • https://nvd.nist.gov/vuln/detail/CVE-2025-53019
  • ImageMagick/ImageMagick@fc3ab08
  • ImageMagick/ImageMagick6@d494605
  • https://github.com/dlemstra/Magick.NET/releases/tag/14.7.0

Published to the GitHub Advisory Database

Aug 25, 2025

Last updated

Aug 25, 2025

ghsa: Latest News

GHSA-g5qg-72qw-gw5v: Next.js Affected by Cache Key Confusion for Image Optimization API Routes
ghsa