GHSA-qp59-x883-77qv: ImageMagick has a Memory Leak in LoadOpenCLDeviceBenchmark() when parsing malformed XML

January 21, 2026

A memory leak vulnerability exists in the LoadOpenCLDeviceBenchmark() function in MagickCore/opencl.c. When parsing a malformed OpenCL device profile XML file that contains <device elements without proper /> closing tags, the function fails to release allocated memory for string members (platform_name, vendor_name, name, version), leading to memory leaks that could result in resource exhaustion.

Affected Version: ImageMagick 7.1.2-12 and possibly earlier versions

References

github.com/ImageMagick/ImageMagick
github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv
github.com/advisories/GHSA-qp59-x883-77qv
github.com/dlemstra/Magick.NET/releases/tag/14.10.2

Code Behaviors & Features

Detect and mitigate GHSA-qp59-x883-77qv with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →