CVE-2026-25637

Published: Feb 24, 2026Modified: Feb 27, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: security-advisories@github.com (Secondary)

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. Version 7.1.2-15 contains a patch.

Affected (2)

Products: Imagemagick: Imagemagick · Dlemstra: Magick.net

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Before 7.1.2-15

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Dlemstra Magick.net	Before 14.10.3

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (3)

https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22f57c8901137

Source: security-advisories@github.com

Patch

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258

Source: security-advisories@github.com

Vendor Advisory

https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

Source: security-advisories@github.com

ProductRelease Notes

Timeline

No history available yet.