CVE-2026-25969
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk28th percentile - higher than 28% of all known CVEs
Summary
In ImageMagick prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure, but when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak.
Risk Assessment
The memory leak may lead to increased resource consumption, which could affect the stability of the application and the availability of services in the long run.
Recommendation
It is recommended to update ImageMagick to version 7.1.2-15 or later to mitigate this vulnerability.
Original NVD description (English source)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. Version 7.1.2-15 contains a patch.

