Cyber Posture

CVE-2026-25796

Medium

Published: 24 February 2026

Modified: 24 February 2026
CVSS Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0003 (7.7th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-25796 is a medium-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in ImageMagick. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 7.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

A memory leak in an image processing function can be triggered remotely by crafted input to exhaust application resources, directly enabling T1499.004 (Application or System Exploitation) for denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Deeper analysis

CVE-2026-25796 is a memory leak vulnerability in ImageMagick, a free and open-source software suite for editing and manipulating digital images. The issue resides in the `ReadSTEGANOImage()` function within `coders/stegano.c`, where the `watermark` Image object is not freed along three early-return paths. This results in a definite memory leak of approximately 13.5KB or more per invocation, affecting all versions prior to 7.1.2-15 and 6.9.13-40.

The vulnerability carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating it is exploitable over the network with low attack complexity, requiring no privileges or user interaction. Any unauthenticated attacker can trigger the leak by supplying a specially crafted image that invokes the STEGANO coder, leading to repeated memory consumption and potential denial of service through resource exhaustion on affected systems processing such images.

The ImageMagick GitHub security advisory (GHSA-g2pr-qxjg-7r2w) confirms the patch in versions 7.1.2-15 and 6.9.13-40, which addresses the failure to free the watermark object on the identified early-return paths. Security practitioners should update to these fixed releases to mitigate the issue, which is classified under CWE-401 (Memory Leak).
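As an added example (not code from the advisory or the ImageMagick project), the following classifies an install against the two fixed releases named above. It assumes the release token format printed by `magick -version`; the function names and sample outputs are constructed for illustration.

```python
import re

# Fixed releases named on this page, keyed by major version branch.
FIXED = {6: (6, 9, 13, 40), 7: (7, 1, 2, 15)}

# Release token as printed by `magick -version` / `convert -version`,
# e.g. "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 ...".
_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(text):
    """Return (major, minor, patch, revision), or None if no release token is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def stegano_leak_status(version_output):
    """Classify an install as 'patched', 'vulnerable' or 'unknown' for CVE-2026-25796."""
    version = parse_version(version_output)
    if version is None:
        return "unknown"
    if version[0] > 7:
        return "unknown"  # assumption: the page describes no branch above 7.x
    # Anything below 7.x is measured against the 6.9.13-40 fix.
    fixed = FIXED[7] if version[0] == 7 else FIXED[6]
    # Numeric tuple comparison, so 7.1.10-0 sorts after 7.1.2-15.
    return "patched" if version >= fixed else "vulnerable"


# Constructed sample outputs (not captured from real hosts).
SAMPLES = [
    "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 7.1.2-15 Q16-HDRI x86_64 https://imagemagick.org",
    "Version: ImageMagick 6.9.13-39 Q16 x86_64 https://legacy.imagemagick.org",
    "Version: ImageMagick 6.9.13-40 Q16 x86_64 https://legacy.imagemagick.org",
    "sh: magick: command not found",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{stegano_leak_status(line):10s} {line}")
```

Distribution packages may backport the fix without changing the upstream version string, so a "vulnerable" result on a packaged build should be confirmed against the distributor's own advisory.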

Details

CWE(s)

Affected Products

imagemagick
imagemagick
≤ 6.9.13-40 · 7.0.0-0 — 7.1.2-15

CVEs Like This One

CVE-2026-25969 · Same product: ImageMagick
CVE-2026-25988 · Same product: ImageMagick
CVE-2026-33908 · Same product: ImageMagick
CVE-2026-25799 · Same product: ImageMagick
CVE-2026-25989 · Same product: ImageMagick
CVE-2026-25795 · Same product: ImageMagick
CVE-2026-28691 · Same product: ImageMagick
CVE-2026-26283 · Same product: ImageMagick
CVE-2026-22770 · Same product: ImageMagick
CVE-2026-30883 · Same product: ImageMagick