CVE-2026-25969

5.3 MEDIUM

📋 TL;DR

A memory leak vulnerability exists in ImageMagick's ASHLAR image coder when processing certain images. This could allow attackers to cause denial of service by exhausting system memory through repeated exploitation. Users of ImageMagick versions before 7.1.2-15 are affected.

💻 Affected Systems

Products:
  • ImageMagick
Versions: All versions prior to 7.1.2-15
Operating Systems: All platforms running ImageMagick
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the ASHLAR image coder functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Repeated exploitation could lead to complete system memory exhaustion, causing denial of service and potential system crashes.

🟠 Likely Case: Degraded performance or application crashes due to memory exhaustion over time with repeated malicious image processing.

🟢 If Mitigated: Minimal impact with proper memory limits and monitoring in place.

🌐 Internet-Facing: MEDIUM - Web applications processing user-uploaded images could be targeted.
🏢 Internal Only: LOW - Requires local access or internal image processing workflows.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires processing a specially crafted ASHLAR image file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.1.2-15

Vendor Advisory: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xgm3-v4r9-wfgm

Restart Required: No

Instructions:

1. Update ImageMagick to version 7.1.2-15 or later.
2. For package managers: 'sudo apt update && sudo apt upgrade imagemagick' (Debian/Ubuntu) or 'sudo yum update imagemagick' (RHEL/CentOS).
3. For source builds: download the latest release from imagemagick.org and recompile.

🔧 Temporary Workarounds

Disable ASHLAR coder (linux)

Remove or disable the vulnerable ASHLAR image coder module. The directory below is one common layout; the real path depends on the distribution, install prefix and quantum depth (Q16 vs Q16HDRI), and a statically linked build has no per-coder module to move. Alternatively, deny the coder with a coder-domain rule in ImageMagick's policy.xml, which needs no file changes.

sudo mv /usr/lib/ImageMagick-7.1.2/modules-Q16HDRI/coders/ashlar.la /usr/lib/ImageMagick-7.1.2/modules-Q16HDRI/coders/ashlar.la.disabled
sudo mv /usr/lib/ImageMagick-7.1.2/modules-Q16HDRI/coders/ashlar.so /usr/lib/ImageMagick-7.1.2/modules-Q16HDRI/coders/ashlar.so.disabled

🧯 If You Can't Patch

  • Implement strict memory limits for ImageMagick processes using ulimit or container constraints.
  • Monitor system memory usage and set alerts for abnormal consumption patterns.

🔍 How to Verify

Check if Vulnerable:

Check ImageMagick version with 'convert --version' or 'magick --version' and verify it's below 7.1.2-15.

Check Version:

convert --version | head -1

Verify Fix Applied:

Confirm the version is 7.1.2-15 or higher with 'convert --version', then test processing ASHLAR images while monitoring memory usage. Distribution packages sometimes ship the fix as a backport under an older version string; in that case check the distribution's own advisory rather than relying on the version number alone.
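As an added check (not part of the advisory), a POSIX shell script that parses the 'magick --version' / 'convert --version' banner and compares the build number numerically against 7.1.2-15; the banner format and the exit-status convention are assumptions.

```shell
#!/bin/sh
# Added check, not part of the advisory: is the installed ImageMagick older
# than the fixed release 7.1.2-15 (CVE-2026-25969)? Assumes the banner
# "Version: ImageMagick X.Y.Z-N ..." from 'magick --version'/'convert --version'.

IM_FIXED="7.1.2-15"

# Pull "X.Y.Z-N" out of the first banner line.
im_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^Version: ImageMagick \([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p'
}

# Numeric compare of major.minor.patch-build (a string compare would rank 7.1.2-9 above 7.1.2-15); prints -1, 0 or 1.
im_vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        for (i = 1; i <= 4; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# Exit status 0 when the given version is affected (older than the fix).
im_is_vulnerable() {
    [ "$(im_vercmp "$1" "$IM_FIXED")" = "-1" ]
}

# Query the local install: 0 = vulnerable, 1 = fixed, 2 = cannot tell.
im_check_installed() {
    if command -v magick >/dev/null 2>&1; then
        banner=$(magick --version | head -n 1)
    elif command -v convert >/dev/null 2>&1; then
        banner=$(convert --version | head -n 1)
    else
        echo "ImageMagick not found in PATH" >&2; return 2
    fi
    ver=$(im_version_from_banner "$banner")
    [ -n "$ver" ] || { echo "Unrecognised banner: $banner" >&2; return 2; }
    if im_is_vulnerable "$ver"; then
        echo "VULNERABLE: ImageMagick $ver is below $IM_FIXED"; return 0
    fi
    echo "OK: ImageMagick $ver is $IM_FIXED or later"; return 1
}

if [ "${IM_RUN_CHECK:-0}" = "1" ]; then im_check_installed; fi  # live check on demand
```

Run it as `IM_RUN_CHECK=1 sh im_check.sh` on each host; an exit status of 0 flags an affected install, so the script drops straight into a fleet-wide inventory loop.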

📡 Detection & Monitoring

Log Indicators:

  • Repeated ImageMagick crashes
  • High memory usage alerts from monitoring systems
  • ASHLAR image processing errors in application logs

Network Indicators:

  • Unusual volume of image uploads to web applications

SIEM Query:

source="*imagemagick*" AND (error OR crash OR "memory")
