CVE-2026-25796
Memory Leak in ImageMagick ReadSTEGANOImage Causes DoS
Publication date: 2026-02-24
Last updated on: 2026-02-24
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | to 6.9.13-40 (exc) |
| imagemagick | imagemagick | From 7.0.0-0 (inc) to 7.1.2-15 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25796 is a moderate severity memory leak vulnerability in the ImageMagick library, specifically in the ReadSTEGANOImage() function located in coders/stegano.c.
The issue occurs because the watermark Image object allocated during the execution of ReadSTEGANOImage() is not properly freed on three distinct error or early-return paths, resulting in a definite memory leak of approximately 13,512 bytes per invocation.
This memory leak happens due to missing release of allocated memory after its effective lifetime, classified under CWE-401 (Missing Release of Memory after Effective Lifetime).
The leaked memory is allocated via AcquireMagickMemory and AcquireImage functions within the MagickCore library.
This vulnerability affects ImageMagick versions prior to 7.1.2-15 and 6.9.13-40, with patches applied in these versions.
How can this vulnerability impact me? :
This vulnerability can be exploited remotely without requiring any privileges or user interaction.
An attacker can trigger the memory leak repeatedly, causing the affected system to consume increasing amounts of memory.
As a result, this can lead to denial of service by exhausting memory resources, reducing the availability of the system running the vulnerable ImageMagick versions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability causes a memory leak in ImageMagick when processing certain images using the ReadSTEGANOImage() function. Detection can involve monitoring the memory usage of ImageMagick processes for unusual increases during image processing.
You can use system monitoring commands to observe memory consumption, such as:
- On Linux, use `top` or `htop` to monitor ImageMagick processes for increasing memory usage.
- Use `ps aux --sort=-rss | grep magick` to check memory usage of ImageMagick processes.
- Run ImageMagick commands on suspicious or crafted images and observe if memory usage grows abnormally, for example: `magick convert suspicious_image.png output.png`.
There are no specific detection commands provided in the resources, but monitoring memory usage patterns during image processing is recommended.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update ImageMagick to a patched version that contains the fix for this vulnerability.
- Upgrade to ImageMagick version 7.1.2-15 or later.
- Alternatively, upgrade to ImageMagick version 6.9.13-40 or later if using the 6.x branch.
These versions contain patches that properly free the watermark Image object and prevent the memory leak.
Until the update can be applied, consider restricting or monitoring the processing of untrusted images to reduce the risk of denial of service.