Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-25796

Опубликовано: 24 фев. 2026
Источник: debian
EPSS Низкий

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
imagemagickfixed8:7.1.2.15+dfsg1-1package

Примечания

  • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w

  • Fixed by: https://github.com/ImageMagick/ImageMagick/commit/93ad259ce4f6d641eea0bee73f374af90f35efc3 (7.1.2-14)

  • Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/29aeed740553ed4e5c544e101ac468be55a919ff (6.9.13-39)

  • Followup: https://github.com/ImageMagick/ImageMagick6/commit/2024ae1d10a7481d04fb717b3fa9170fd294a8f3 (6.9.13-41)

EPSS

Процентиль: 17%
0.00055
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2026-25796

CVSS3: 5.3
ubuntu
около 1 месяца назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

redhat логотип

CVE-2026-25796

CVSS3: 5.3
redhat
около 1 месяца назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

nvd логотип

CVE-2026-25796

CVSS3: 5.3
nvd
около 1 месяца назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

github логотип

GHSA-g2pr-qxjg-7r2w

CVSS3: 5.3
github
около 1 месяца назад

ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths

suse-cvrf логотип

SUSE-SU-2026:0854-1

suse-cvrf
19 дней назад

Security update for ImageMagick

EPSS

Процентиль: 17%
0.00055
Низкий