CVE-2026-25796 in ImageMagickinfo

Summary

by MITRE • 02/24/2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/21/2026

ImageMagick represents a widely deployed image processing library that handles numerous formats including steganographic images through its stegano.c module. The vulnerability exists within the ReadSTEGANOImage function where memory management fails to properly handle cleanup operations during error conditions. This flaw specifically impacts the watermark object which is allocated but never deallocated when certain error paths are taken during image processing. The memory leak occurs because three distinct early return conditions in the code do not execute the necessary cleanup routine to free the watermark object, creating a persistent memory allocation that accumulates with each invocation of the vulnerable function.

The technical implementation of this vulnerability demonstrates a classic memory leak pattern where resource acquisition occurs without corresponding deallocation in error handling paths. The watermark object consumes approximately 13.5 kilobytes of memory per invocation, which may seem small but becomes significant when the function is called repeatedly or in high-volume processing scenarios. This memory consumption pattern aligns with CWE-401, which catalogs memory leak vulnerabilities in software systems. The leak specifically occurs within the stegano.c file where the function processes steganographic images, making this issue particularly relevant for applications that handle such image formats or those that process untrusted image inputs.

The operational impact of this vulnerability extends beyond simple memory consumption to potentially enable denial of service attacks against systems that rely on ImageMagick for image processing. When exploited continuously, the memory leak can gradually consume available system resources until the application or system becomes unresponsive. This makes the vulnerability particularly dangerous in server environments or applications that process large volumes of images, where repeated calls to the vulnerable function can lead to system instability. The vulnerability can be triggered through manipulation of steganographic image files, making it exploitable by attackers who can craft malicious inputs to force repeated memory allocations without cleanup.

System administrators and developers should prioritize updating to ImageMagick versions 7.1.2-15 or 6.9.13-40 which contain the necessary patch to address this memory leak. The fix implements proper cleanup routines that ensure the watermark object is freed regardless of execution path taken during error conditions. Additional mitigations include implementing input validation to restrict steganographic image processing, limiting concurrent image processing operations, and monitoring system memory usage for unusual patterns. From an ATT&CK perspective, this vulnerability could be leveraged as part of a resource exhaustion attack pattern, potentially enabling attackers to degrade system performance or availability. Organizations should also consider implementing sandboxing or containerization for image processing functions to limit the potential impact of such memory-related vulnerabilities.

Responsible

GitHub M

Reservation

02/05/2026

Disclosure

02/24/2026

Moderation

accepted

CPE

ready

EPSS

0.00376

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!