CVE-2026-25988: ImageMagick: MSL image stack index may fail to refresh, leading to leaked images
Sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks.
==841485==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 13512 byte(s) in 1 object(s) allocated from:
References
- github.com/ImageMagick/ImageMagick
- github.com/ImageMagick/ImageMagick/commit/4354fc1d554ec2e6314aed13536efa7bde9593d2
- github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7
- github.com/advisories/GHSA-782x-jh29-9mf7
- github.com/dlemstra/Magick.NET/releases/tag/14.10.3
- nvd.nist.gov/vuln/detail/CVE-2026-25988
Code Behaviors & Features
Detect and mitigate CVE-2026-25988 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →