CVE-2026-25638

Опубликовано: 24 фев. 2026

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in coders/msl.c. In the WriteMSLImage function of the msl.c file, resources are allocated. But the function returns early without releasing these allocated resources. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Ссылки

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gxcx-qjqp-8vjw
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия до 6.9.13-40 (исключая)

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Версия от 7.0.0-0 (включая) до 7.1.2-15 (исключая)

EPSS

Процентиль: 17%

0.00054

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-401

Связанные уязвимости

CVE-2026-25638

CVSS3: 5.3

ubuntu

около 1 месяца назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasing these allocated resources. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVE-2026-25638

CVSS3: 5.3

redhat

около 1 месяца назад

CVE-2026-25638

CVSS3: 5.3

debian

около 1 месяца назад

ImageMagick is free and open-source software used for editing and mani ...

GHSA-gxcx-qjqp-8vjw

CVSS3: 5.3

github

около 1 месяца назад

ImageMagick has memory leak in msl encoder

SUSE-SU-2026:0853-1

suse-cvrf

19 дней назад

Security update for ImageMagick

EPSS

Процентиль: 17%

0.00054

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-401