Cyber Resilience

CVE-2026-25796

Medium

Published: 24 February 2026

Published
24 February 2026
Modified
24 February 2026
KEV Added
Patch
CVSS Score v3.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score 0.0003 8.0th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-25796 is a medium-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in Imagemagick Imagemagick. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 8.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-25796 is a memory leak vulnerability in ImageMagick, a free and open-source software suite for editing and manipulating digital images. The issue resides in the `ReadSTEGANOImage()` function within `coders/stegano.c`, where the `watermark` Image object is not freed along three early-return paths. This results in a definite memory leak of approximately 13.5KB or more per invocation, affecting all versions prior to 7.1.2-15 and 6.9.13-40.

The vulnerability carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating it is exploitable over the network with low attack complexity, requiring no privileges or user interaction. Any unauthenticated attacker can trigger the leak by supplying a specially crafted image that invokes the STEGANO coder, leading to repeated memory consumption and potential denial of service through resource exhaustion on affected systems processing such images.

The ImageMagick GitHub security advisory (GHSA-g2pr-qxjg-7r2w) confirms the patch in versions 7.1.2-15 and 6.9.13-40, which addresses the failure to free the watermark object on the identified early-return paths. Security practitioners should update to these fixed releases to mitigate the issue, classified under CWE-401 (Memory Leak).

EU & UK References

Vulnerability details

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+…

more

per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Memory leak in image processing function can be triggered remotely by crafted input to exhaust application resources, directly enabling T1499.004 (Application or System Exploitation) for denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25988Same product: Imagemagick Imagemagick
CVE-2026-25969Same product: Imagemagick Imagemagick
CVE-2026-30883Same product: Imagemagick Imagemagick
CVE-2026-26283Same product: Imagemagick Imagemagick
CVE-2026-22770Same product: Imagemagick Imagemagick
CVE-2026-25989Same product: Imagemagick Imagemagick
CVE-2026-25971Same product: Imagemagick Imagemagick
CVE-2026-28691Same product: Imagemagick Imagemagick
CVE-2026-25795Same product: Imagemagick Imagemagick
CVE-2026-30931Same product: Imagemagick Imagemagick

Affected Assets

imagemagick
imagemagick
≤ 6.9.13-40 · 7.0.0-0 — 7.1.2-15

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely application of the vendor patch that frees the watermark object on all early-return paths in ReadSTEGANOImage().

prevent

Mandates protection against network-exploitable resource-exhaustion DoS attacks that repeatedly trigger the 13.5 KB leak.

prevent

Limits allocation and availability of memory resources so that repeated STEGANO invocations cannot exhaust system memory.

References