The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*"
],
"vendor_product": "imagemagick:imagemagick",
"extracted_events": [
{
"introduced": "7.0.1-0"
},
{
"last_affected": "7.0.1-0"
}
],
"source": "CPE_STRING"
}
]
}{
"cpe": [
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.2-6:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.2-7:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.2-8:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.2-9:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.2-10:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.3-3:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.3-4:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.3-5:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.3-6:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.3-7:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.3-9:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.3-10:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.4-0:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.4-1:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.4-2:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.4-3:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.4-4:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.4-5:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.4-6:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.4-7:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.4-8:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.4-9:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.4-10:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.5-0:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.5-1:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.5-4:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.5-5:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.5-6:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.5-7:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.5-8:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.5-9:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.5-10:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.6-0:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.6-1:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.6-2:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.6-3:*:*:*:*:*:*:*",
"cpe:2.3:a:imagemagick:imagemagick:7.0.6-4:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "7.0.1-0"
},
{
"last_affected": "7.0.1-0"
},
{
"introduced": "7.0.1-1"
},
{
"last_affected": "7.0.1-1"
},
{
"introduced": "7.0.1-2"
},
{
"last_affected": "7.0.1-2"
},
{
"introduced": "7.0.1-3"
},
{
"last_affected": "7.0.1-3"
},
{
"introduced": "7.0.1-4"
},
{
"last_affected": "7.0.1-4"
},
{
"introduced": "7.0.1-5"
},
{
"last_affected": "7.0.1-5"
},
{
"introduced": "7.0.1-6"
},
{
"last_affected": "7.0.1-6"
},
{
"introduced": "7.0.1-7"
},
{
"last_affected": "7.0.1-7"
},
{
"introduced": "7.0.1-8"
},
{
"last_affected": "7.0.1-8"
},
{
"introduced": "7.0.1-9"
},
{
"last_affected": "7.0.1-9"
},
{
"introduced": "7.0.1-10"
},
{
"last_affected": "7.0.1-10"
},
{
"introduced": "7.0.2-0"
},
{
"last_affected": "7.0.2-0"
},
{
"introduced": "7.0.2-1"
},
{
"last_affected": "7.0.2-1"
},
{
"introduced": "7.0.2-2"
},
{
"last_affected": "7.0.2-2"
},
{
"introduced": "7.0.2-3"
},
{
"last_affected": "7.0.2-3"
},
{
"introduced": "7.0.2-4"
},
{
"last_affected": "7.0.2-4"
},
{
"introduced": "7.0.2-5"
},
{
"last_affected": "7.0.2-5"
},
{
"introduced": "7.0.2-6"
},
{
"last_affected": "7.0.2-6"
},
{
"introduced": "7.0.2-7"
},
{
"last_affected": "7.0.2-7"
},
{
"introduced": "7.0.2-8"
},
{
"last_affected": "7.0.2-8"
},
{
"introduced": "7.0.2-9"
},
{
"last_affected": "7.0.2-9"
},
{
"introduced": "7.0.2-10"
},
{
"last_affected": "7.0.2-10"
},
{
"introduced": "7.0.3-0"
},
{
"last_affected": "7.0.3-0"
},
{
"introduced": "7.0.3-1"
},
{
"last_affected": "7.0.3-1"
},
{
"introduced": "7.0.3-2"
},
{
"last_affected": "7.0.3-2"
},
{
"introduced": "7.0.3-3"
},
{
"last_affected": "7.0.3-3"
},
{
"introduced": "7.0.3-4"
},
{
"last_affected": "7.0.3-4"
},
{
"introduced": "7.0.3-5"
},
{
"last_affected": "7.0.3-5"
},
{
"introduced": "7.0.3-6"
},
{
"last_affected": "7.0.3-6"
},
{
"introduced": "7.0.3-7"
},
{
"last_affected": "7.0.3-7"
},
{
"introduced": "7.0.3-8"
},
{
"last_affected": "7.0.3-8"
},
{
"introduced": "7.0.3-9"
},
{
"last_affected": "7.0.3-9"
},
{
"introduced": "7.0.3-10"
},
{
"last_affected": "7.0.3-10"
},
{
"introduced": "7.0.4-0"
},
{
"last_affected": "7.0.4-0"
},
{
"introduced": "7.0.4-1"
},
{
"last_affected": "7.0.4-1"
},
{
"introduced": "7.0.4-2"
},
{
"last_affected": "7.0.4-2"
},
{
"introduced": "7.0.4-3"
},
{
"last_affected": "7.0.4-3"
},
{
"introduced": "7.0.4-4"
},
{
"last_affected": "7.0.4-4"
},
{
"introduced": "7.0.4-5"
},
{
"last_affected": "7.0.4-5"
},
{
"introduced": "7.0.4-6"
},
{
"last_affected": "7.0.4-6"
},
{
"introduced": "7.0.4-7"
},
{
"last_affected": "7.0.4-7"
},
{
"introduced": "7.0.4-8"
},
{
"last_affected": "7.0.4-8"
},
{
"introduced": "7.0.4-9"
},
{
"last_affected": "7.0.4-9"
},
{
"introduced": "7.0.4-10"
},
{
"last_affected": "7.0.4-10"
},
{
"introduced": "7.0.5-0"
},
{
"last_affected": "7.0.5-0"
},
{
"introduced": "7.0.5-1"
},
{
"last_affected": "7.0.5-1"
},
{
"introduced": "7.0.5-4"
},
{
"last_affected": "7.0.5-4"
},
{
"introduced": "7.0.5-5"
},
{
"last_affected": "7.0.5-5"
},
{
"introduced": "7.0.5-6"
},
{
"last_affected": "7.0.5-6"
},
{
"introduced": "7.0.5-7"
},
{
"last_affected": "7.0.5-7"
},
{
"introduced": "7.0.5-8"
},
{
"last_affected": "7.0.5-8"
},
{
"introduced": "7.0.5-9"
},
{
"last_affected": "7.0.5-9"
},
{
"introduced": "7.0.5-10"
},
{
"last_affected": "7.0.5-10"
},
{
"introduced": "7.0.6-0"
},
{
"last_affected": "7.0.6-0"
},
{
"introduced": "7.0.6-1"
},
{
"last_affected": "7.0.6-1"
},
{
"introduced": "7.0.6-2"
},
{
"last_affected": "7.0.6-2"
},
{
"introduced": "7.0.6-3"
},
{
"last_affected": "7.0.6-3"
},
{
"introduced": "7.0.6-4"
},
{
"last_affected": "7.0.6-4"
}
],
"source": [
"CPE_STRING",
"REFERENCES"
]
}[
{
"digest": {
"function_hash": "178126783451469849177725589209241154981",
"length": 3768.0
},
"target": {
"function": "ProcessMSLScript",
"file": "coders/msl.c"
},
"id": "CVE-2017-12427-35a6cf18",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/imagemagick/imagemagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"8601404238236531662726788602163849012",
"145843981946109050953872077045119241523",
"254370166639936039239312264299685601372",
"240953919199291063065870971722109065915",
"183987672103320698579217827613630709099",
"60528280462233631432627297339848396105",
"308604852975117719479496011588647585476",
"206813332596571637441273548324282295006",
"138967757876837435493534809310636669045",
"311600697651132885523154418107316931691"
]
},
"target": {
"file": "coders/msl.c"
},
"id": "CVE-2017-12427-97bbabe6",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/imagemagick/imagemagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12427.json"
"2026-07-08T11:47:46Z"
{
"cpe": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "6.9.9-4"
}
],
"source": "CPE_RANGE"
}