CVE Catalog

CVE-2026-25969

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile - higher than 28% of all known CVEs

Summary

In ImageMagick prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure, but when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak.

Risk Assessment

The memory leak may lead to increased resource consumption, which could affect the stability of the application and the availability of services in the long run.

Recommendation

It is recommended to update ImageMagick to version 7.1.2-15 or later to mitigate this vulnerability.

Original NVD description (English source)

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. Version 7.1.2-15 contains a patch.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS