ImageMagick has memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths

Summary

In ReadSTEGANOImage() (coders/stegano.c), the watermark Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service.

Direct leak of 13512 byte(s) in 1 object(s) allocated from:
    #0 0x7f5c11e27887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x55cdc38f65c4 in AcquireMagickMemory MagickCore/memory.c:536
    #2 0x55cdc38f65eb in AcquireCriticalMemory MagickCore/memory.c:612
    #3 0x55cdc3899e91 in AcquireImage MagickCore/image.c:154

References

dlemstra published to ImageMagick/ImageMagick Feb 23, 2026

Published by the National Vulnerability Database Feb 24, 2026

Published to the GitHub Advisory Database Feb 24, 2026

Reviewed Feb 24, 2026

Last updated Feb 24, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Summary

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Exploit Prediction Scoring System (EPSS)

Weaknesses

Missing Release of Memory after Effective Lifetime

CVE ID

GHSA ID

Source code

Credits

Uh oh!