CVE-2026-25637
Received Received - Intake
Memory Leak in ImageMagick ASHLAR Writer Causes Memory Exhaustion

Publication date: 2026-02-24

Last updated on: 2026-02-27

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. Version 7.1.2-15 contains a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-02-27
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-14
NVD
CVE-2026-25637
EUVD
EUVD-2026-7450
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 7.1.2-15 (exc)
dlemstra magick.net to 14.10.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-25637 is a moderate severity memory leak vulnerability in the ASHLAR image encoder component of ImageMagick, an open-source image processing software. The issue occurs in versions prior to 7.1.2-15 when a specially crafted image causes the encoder to allocate small memory objects that are never freed. This leads to exhaustion of process memory over time.

Technically, the vulnerability is due to missing release of memory after its effective lifetime (CWE-401). The problem was that a DrawInfo pointer was cloned but not properly destroyed after use, causing memory to be leaked.

The vulnerability was fixed in version 7.1.2-15 by changing the code to delay cloning until after label validation and explicitly destroying the allocated memory after use.

Impact Analysis

This vulnerability can be exploited remotely without any privileges or user interaction, allowing an attacker to cause a memory leak in the ImageMagick process.

The impact is a low availability impact, meaning the attacker can exhaust process memory which may lead to degraded performance or denial of service of the application using ImageMagick.

Compliance Impact

I don't know

Detection Guidance

This vulnerability is a memory leak in the ASHLAR image writer component of ImageMagick that can be detected by monitoring the memory usage of the ImageMagick process when processing crafted images.

Technical detection can involve using memory analysis tools such as Valgrind Memcheck to observe heap allocations and frees, looking for memory that is allocated but not freed after processing images.

For example, running ImageMagick commands on suspicious or crafted images under Valgrind Memcheck can reveal the memory leak by showing definitely lost, indirectly lost, and possibly lost bytes.

  • Use Valgrind Memcheck to run ImageMagick processing commands, e.g., `valgrind --leak-check=full magick convert crafted_image.png output.png`.
  • Monitor process memory usage during image processing using system tools like `top`, `htop`, or `ps` to detect abnormal memory growth.
Mitigation Strategies

The immediate mitigation step is to upgrade ImageMagick to version 7.1.2-15 or later, where the memory leak vulnerability in the ASHLAR image writer has been fixed.

The fix involves proper management and destruction of the DrawInfo pointer used during image annotation, preventing memory from being leaked.

Until the upgrade can be applied, avoid processing untrusted or crafted images that could trigger the memory leak.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25637. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart