← Back

CVE-2026-25638

nvd nist
Published: Feb 24, 2026Modified: Feb 24, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 / Impact: 1.4
Source: security-advisories@github.com (Secondary)

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasing these allocated resources. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Affected (2)

Imagemagick
1 product
Imagemagick
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Imagemagick
Imagemagick
Before 6.9.13-40
Imagemagick
From 7.0.0-0 to 7.1.2-15

Related CWEs

CWE-401
Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (1)

Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.