{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25796", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-05T19:58:01.640Z", "datePublished": "2026-02-24T00:57:27.441Z", "dateUpdated": "2026-02-26T15:12:22.180Z"}, "containers": {"cna": {"title": "ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths", "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "lang": "en", "description": "CWE-401: Missing Release of Memory after Effective Lifetime", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": ">= 7.0.0, < 7.1.2-15", "status": "affected"}, {"version": "< 6.9.13-40", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T00:57:27.441Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "source": {"advisory": "GHSA-g2pr-qxjg-7r2w", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T15:11:19.557929Z", "id": "CVE-2026-25796", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:12:22.180Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25796", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T15:11:19.557929Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:11:38.375Z"}}], "cna": {"title": "ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths", "source": {"advisory": "GHSA-g2pr-qxjg-7r2w", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.1.2-15"}, {"status": "affected", "version": "< 6.9.13-40"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401: Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T00:57:27.441Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25796", "state": "PUBLISHED", "dateUpdated": "2026-02-26T15:12:22.180Z", "dateReserved": "2026-02-05T19:58:01.640Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-24T00:57:27.441Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6F44A65-1733-4752-AAD0-BCCC7BDBC877", "versionEndExcluding": "6.9.13-40", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AFFD439-1068-4B6F-AE01-724AC62CDCEA", "versionEndExcluding": "7.1.2-15", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}, {"lang": "es", "value": "ImageMagick es un software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. Antes de las versiones 7.1.2-15 y 6.9.13-40, en 'ReadSTEGANOImage()' ('coders/stegano.c'), el objeto de imagen 'watermark' no se libera en tres rutas de retorno anticipado, lo que resulta en una fuga de memoria definida (~13.5KB+ por invocaci\u00f3n) que puede ser explotada para denegaci\u00f3n de servicio. Las versiones 7.1.2-15 y 6.9.13-40 contienen un parche."}], "id": "CVE-2026-25796", "lastModified": "2026-02-24T18:46:13.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-24T01:16:14.293", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Denial of Service Vulnerability", "id": "2442112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442112"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-772", "details": ["A flaw was found in ImageMagick, an open-source software for image manipulation. This vulnerability is a memory leak that occurs when processing certain image objects. An attacker can exploit this flaw to repeatedly trigger the memory leak, which can lead to a Denial of Service (DoS) by consuming excessive system memory and making the application unavailable."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, avoid processing untrusted or maliciously crafted image files with ImageMagick. If ImageMagick is used in a server-side application or service that handles external input, consider implementing resource limits for the ImageMagick process to prevent excessive memory consumption, or run the process within a sandboxed environment to contain potential denial of service attacks."}, "name": "CVE-2026-25796", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-02-24T00:57:27Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25796\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25796\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w"], "statement": "This MODERATE impact vulnerability in ImageMagick involves a memory leak when processing certain image files due to unfreed objects in the `ReadSTEGANOImage()` function. This flaw can lead to a denial of service by exhausting system memory. Red Hat Enterprise Linux and community projects utilizing ImageMagick are affected.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.1.2-15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-40)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "analysis": {"en": {"generated_at": "2026-04-17T16:02:24.063827+00:00", "value": {"mitigation_remediation": ["Upgrade ImageMagick to version 7.1.2\u201115 or later, or 6.9.13\u201140 and newer, where the watermark image is correctly freed.", "When an upgrade is not immediately possible, configure the image\u2011processing environment to enforce strict memory limits or run ImageMagick in a sandboxed process so that a memory leak does not affect the entire host.", "Validate or sanitize all incoming images before handing them to ImageMagick to reduce the chance of intentionally crafted images triggering the leak."], "summary": {"action": "Apply Fix", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerable products are ImageMagick versions preceding 7.1.2\u201115 and 6.9.13\u201140. Systems running ImageMagick 7.1.2\u201115 or newer, and 6.9.13\u201140 or newer, contain the patch that frees the watermark image object properly. Any environment that employs older ImageMagick builds, such as web servers, content\u2011generation services, or local utilities that accept user\u2011supplied images, is susceptible.", "description_and_impact": "ImageMagick, a widely used image manipulation library, contains a memory leak in the ReadSTEGANOImage function for versions prior to 7.1.2\u201115 and 6.9.13\u201140. When a caller reaches one of three early\u2011return paths, the watermark image object is not freed, leaking roughly 13.5\u202fKB per invocation. Repeated processing of untrusted images can exhaust system memory and cause the image\u2011processing application or host to become unresponsive, resulting in a denial\u2011of\u2011service scenario. The vulnerability is a classic example of improper resource management (CWE\u2011401) and an unreleased resource destruction issue (CWE\u2011772).", "risk_and_exploitability": "The CVSS vector assigns a score of 5.3, indicating a moderate severity. The EPSS score is below 1\u202f%, suggesting that attacks are currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. Nevertheless, exploiting the leak requires only feeding crafted images to a running ImageMagick instance. If an application processes external images without bounds, an attacker can trigger the early\u2011return paths repeatedly, gradually consuming memory until a service crash or restart occurs. The overall risk is moderate, especially for high\u2011availability or high\u2011traffic image services."}}}}, "created": "2026-02-24T09:54:09.023654+00:00", "updated": "2026-04-17T16:15:22.634215+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}