CVE-2026-25969
Memory Leak in ImageMagick ashlar.c Causes Resource Exhaustion

Publication date: 2026-02-24

Last updated on: 2026-02-25

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` function allocates a structure. However, when an exception is thrown, the allocated memory is not released, resulting in a potential memory leak. Version 7.1.2-15 contains a patch.

Meta Information
Published: 2026-02-24
Last Modified: 2026-02-25
Generated: 2026-06-16
AI Q&A: 2026-02-24
EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Vendor: imagemagick
Product: imagemagick
Version / Range: up to 7.1.2-15 (exclusive)

CWE
CWE-401: The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Executive Summary

CVE-2026-25969 is a moderate severity memory leak vulnerability in the ImageMagick software, specifically in the coders/ashlar.c source file. The issue occurs in the WriteASHLARImage function, which allocates memory for a structure but fails to properly release this memory when an exception is thrown. This results in a potential memory leak where allocated memory remains unreleased.

This vulnerability affects ImageMagick versions prior to 7.1.2-15 and has been fixed in version 7.1.2-15.

Impact Analysis

This vulnerability allows an attacker to remotely cause a memory leak without requiring any privileges or user interaction. The memory leak can lead to resource exhaustion on the affected system, potentially reducing its availability.

While it does not impact confidentiality or integrity, the low impact on availability means that the system could become less responsive or unstable due to the unreleased memory accumulating over time.

Compliance Impact

I don't know

Detection Guidance

This vulnerability is a memory leak in the WriteASHLARImage function of ImageMagick prior to version 7.1.2-15. Detection involves monitoring the ImageMagick process for abnormal memory usage or leaks.

Using memory analysis tools such as Valgrind can help detect the memory leak. For example, running ImageMagick commands under Valgrind can reveal unreleased memory blocks.

  • Run Valgrind on ImageMagick commands that use the ashlar coder, e.g.: valgrind --leak-check=full magick input.png ashlar:output.png
  • Monitor system memory usage of ImageMagick processes over time to detect leaks.

Mitigation Strategies

The primary mitigation step is to upgrade ImageMagick to version 7.1.2-15 or later, where the memory leak has been patched.

Until the upgrade can be applied, limit exposure by restricting network access to services using vulnerable ImageMagick versions, as the vulnerability can be exploited remotely without authentication.

Monitor system resources to detect potential memory exhaustion caused by exploitation attempts.
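
To find hosts that still need the upgrade, the installed version can be compared against the fixed release 7.1.2-15. The script below is an added example, not part of the original advisory or of ImageMagick; the function names and sample banners are constructed for illustration, and it treats every version below 7.1.2-15 as in range, as the listed CPE range does.

```sh
#!/bin/sh
# Added example: classify an ImageMagick install against the fixed release.
FIXED="7.1.2-15"

# Constructed sample banners in the shape of the first line of `magick -version`.
SAMPLE_OLD='Version: ImageMagick 7.1.2-13 Q16-HDRI x86_64 https://imagemagick.org'
SAMPLE_FIXED='Version: ImageMagick 7.1.2-15 Q16-HDRI x86_64 https://imagemagick.org'

# Extract "X.Y.Z-P" from a version banner; prints nothing if it does not match.
im_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Version: ImageMagick \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if version $1 is strictly lower than version $2.
# Fields are compared numerically, so 7.1.2-9 sorts below 7.1.2-15.
im_version_lt() {
    old_ifs=$IFS; IFS=.-
    set -- $1 $2            # split both versions into 4 + 4 numeric fields
    IFS=$old_ifs
    [ $# -eq 8 ] || return 2
    a1=$1 a2=$2 a3=$3 a4=$4; shift 4
    for x in "$a1" "$a2" "$a3" "$a4"; do
        y=$1; shift
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                # equal versions are not "lower"
}

# Print "affected <ver>", "patched <ver>" or "unknown" for a banner line.
classify_banner() {
    v=$(im_version_from_banner "$1")
    [ -n "$v" ] || { echo "unknown"; return 0; }
    if im_version_lt "$v" "$FIXED"; then echo "affected $v"; else echo "patched $v"; fi
}

classify_banner "$SAMPLE_OLD"
classify_banner "$SAMPLE_FIXED"
# On a real host, classify the locally installed binary if one is present.
if command -v magick >/dev/null 2>&1; then
    classify_banner "$(magick -version 2>/dev/null | head -n 1)"
fi
```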
