ImageMagick Heap-Use-After-Free Vulnerability in MSL Encoder

A heap-use-after-free vulnerability has been identified in ImageMagick versions prior to 7.1.2-16 and 6.9.13-41. The issue arises in the MSL encoder, where a cloned image is improperly destroyed twice, leading to potential memory corruption. This vulnerability is particularly concerning as it can be exploited to manipulate memory in a way that could be harmful. The MSL coder, which previously allowed writing MSL, has had this capability removed due to the vulnerability.

Impact

Exploitation of this vulnerability can lead to a heap-use-after-free condition, where memory is freed but still accessible, potentially allowing for arbitrary code execution or causing a program crash.

Reproduction

The vulnerability can be reproduced by using ImageMagick to process an MSL file that triggers the double-free condition in the MSL encoder. This can be done by creating a crafted image that, when processed, causes the encoder to clone and then improperly free the image twice.

Remediation

Users can upgrade to ImageMagick versions 7.1.2-16 or 6.9.13-41 to address this vulnerability.