CVE-2026-25988

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40

Description ImageMagick is software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the msl.c component may fail to update the stack index, leading to memory leaks when an image is stored in an incorrect memory slot and not freed during error handling.

Recommendations Update to ImageMagick version 7.1.2-15 or later. Update to ImageMagick version 6.9.13-40 or later.

Exploit

Fix

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

CVE-2026-25988

ECHO-15FF-770A-3861

GHSA-782X-JH29-9MF7

OESA-2026-1452

OESA-2026-1453

OESA-2026-1454

OESA-2026-1455

OESA-2026-1456

OESA-2026-1457

OPENSUSE-SU-2026:10267-1

OPENSUSE-SU-2026:20337-1

SUSE-SU-2026:0851-1

SUSE-SU-2026:0852-1

SUSE-SU-2026:0853-1

SUSE-SU-2026:0854-1

USN-8127-1

Affected Products

Imagemagick

Linuxmint

Ubuntu

CVE-2026-25988

Weakness Enumeration

Related Identifiers

Affected Products

References · 157