Vulnerability Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects that are allocated but never freed. Version 7.1.2-15 contains a patch.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imagemagick | Imagemagick | < 7.1.2-15 |
| Dlemstra | Magick.Net | < 14.10.3 |
Related Weaknesses (CWE)
References
- https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22fPatch
- https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p2Vendor Advisory
- https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3ProductRelease Notes
FAQ
What is CVE-2026-25637?
CVE-2026-25637 is a vulnerability with a CVSS score of 5.3 (MEDIUM). ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process...
How severe is CVE-2026-25637?
CVE-2026-25637 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-25637?
Check the references section above for vendor advisories and patch information. Affected products include: Imagemagick Imagemagick, Dlemstra Magick.Net.