Monthly
Memory leak in ImageMagick's TIFF encoder - affecting the 7.x branch before 7.1.2-26 and the 6.x branch before 6.9.13-51 - allows an attacker or application to cause gradual memory exhaustion by repeatedly supplying an invalid tiff:tile-geometry parameter during TIFF encoding operations. The flaw scores 2.0 under CVSS 4.0 with only low availability impact, a local attack vector, high complexity, and prerequisite conditions, placing it firmly in the low-severity tier. No public exploit code has been identified and the vulnerability is absent from the CISA KEV catalog, indicating no confirmed active exploitation at the time of analysis.
Memory leak in ImageMagick's ICON decoder exposes services that process user-supplied images to a potential denial of service. Both the 7.x and 6.x release branches are affected - specifically versions before 7.1.2-26 and 6.9.13-51 respectively. An unauthenticated remote attacker (per CVSS PR:N) who can supply a crafted ICON file to an ImageMagick-processing endpoint can repeatedly trigger allocation failures that are never cleaned up, gradually exhausting process memory. No public exploit or active exploitation has been identified at time of analysis.
Memory leak in ImageMagick's MIFF encoder (CWE-401) affects the 7.x branch before 7.1.2-26 and the 6.x branch before 6.9.13-51, enabling denial of service through resource exhaustion. When a memory allocation fails during MIFF image encoding, previously allocated buffers are not released, causing memory to accumulate across repeated processing calls. The CVSS 4.0 score of 2.1 and a local attack vector (AV:L) with high complexity (AC:H) and specific prerequisites (AT:P) signal a low-priority finding with no public exploit and no CISA KEV listing.
Memory leak in ImageMagick's YUV decoder (versions before 7.1.2-26 and 6.9.x before 6.9.13-51) enables remote denial of service by repeatedly submitting malformed YUV images that trigger a failed blob open, leaking heap memory on each decode attempt. No confidentiality or integrity impact applies; exposure is limited to availability of image-processing services that accept untrusted input. No public exploit code or active exploitation has been identified at time of analysis.
Memory leak in ImageMagick's TIFF encoder before version 7.1.2-26 enables denial of service via controlled memory allocation failures. An attacker who can submit TIFF images for processing can repeatedly trigger allocation failures, causing the encoder to leak memory without releasing it, ultimately exhausting available system memory. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 2.1 reflects the constrained local attack vector and low availability impact.
Memory leak in ImageMagick's JNG encoder before version 7.1.2-26 enables local resource exhaustion when malformed JNG files cause blob open failures without subsequent memory release. The flaw is classified CWE-401 and carries a CVSS 4.0 score of just 2.1, reflecting a local attack vector, high complexity, and availability-only impact - no confidentiality or integrity loss is possible. No public exploit code and no active exploitation (CISA KEV) have been identified, making this a low-priority finding relevant primarily to services that batch-process untrusted image files.
ImageMagick's hough lines operation leaks a small amount of memory when a specific internal sub-operation fails, affecting the 7.x branch before 7.1.2-26 and the 6.x legacy branch before 6.9.13-51. This CWE-401 flaw is locally exploitable only under high attack complexity with specific prerequisites, producing a low availability impact with no confidentiality or integrity consequence - reflected in the CVSS 4.0 score of 2.1. No public exploit or active exploitation has been identified at time of analysis; this is a low-priority maintenance patch with no realistic threat-actor motivation.
ImageMagick's log colorspace color transformation leaks a small amount of memory when the operation fails, affecting versions prior to 7.1.2-26 and 6.9.13-51. The flaw (CWE-401) resides in an error-handling code path that fails to release allocated memory, meaning repeated invocations that trigger failures could contribute to incremental memory exhaustion. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified; the CVSS 4.0 score of 2.1 reflects the highly constrained and low-impact nature of this issue.
ImageMagick's TIFF encoder leaks a small quantity of memory when a temporary file cannot be created during encoding operations, affecting versions 7.x before 7.1.2-26 and 6.x before 6.9.13-51. The CVSS 4.0 score of 2.1 and vector (AV:L/AC:H/AT:P) place this firmly in minimal-severity territory: exploitation is local, requires high complexity, and depends on a platform-specific precondition. No public exploit has been identified, the flaw is not listed in CISA KEV, and the described impact is limited to a small, incremental availability reduction with no confidentiality or integrity consequences.
Memory exhaustion denial of service in ImageMagick through 7.1.2-18 arises from the ASHLAR coder failing to release a temporary image object when an internal action fails, allowing an attacker who can supply malicious ASHLAR files to a processing pipeline to cumulatively exhaust process memory. The CVSS 4.0 vector (AV:L/UI:P) confirms this is a local-vector attack requiring passive user or pipeline interaction to process the crafted file, not a remote unauthenticated scenario. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; confirmed fixed versions exist for Magick.NET NuGet packages at 14.11.1.
Memory leak in ImageMagick's TIFF encoder - affecting the 7.x branch before 7.1.2-26 and the 6.x branch before 6.9.13-51 - allows an attacker or application to cause gradual memory exhaustion by repeatedly supplying an invalid tiff:tile-geometry parameter during TIFF encoding operations. The flaw scores 2.0 under CVSS 4.0 with only low availability impact, a local attack vector, high complexity, and prerequisite conditions, placing it firmly in the low-severity tier. No public exploit code has been identified and the vulnerability is absent from the CISA KEV catalog, indicating no confirmed active exploitation at the time of analysis.
Memory leak in ImageMagick's ICON decoder exposes services that process user-supplied images to a potential denial of service. Both the 7.x and 6.x release branches are affected - specifically versions before 7.1.2-26 and 6.9.13-51 respectively. An unauthenticated remote attacker (per CVSS PR:N) who can supply a crafted ICON file to an ImageMagick-processing endpoint can repeatedly trigger allocation failures that are never cleaned up, gradually exhausting process memory. No public exploit or active exploitation has been identified at time of analysis.
Memory leak in ImageMagick's MIFF encoder (CWE-401) affects the 7.x branch before 7.1.2-26 and the 6.x branch before 6.9.13-51, enabling denial of service through resource exhaustion. When a memory allocation fails during MIFF image encoding, previously allocated buffers are not released, causing memory to accumulate across repeated processing calls. The CVSS 4.0 score of 2.1 and a local attack vector (AV:L) with high complexity (AC:H) and specific prerequisites (AT:P) signal a low-priority finding with no public exploit and no CISA KEV listing.
Memory leak in ImageMagick's YUV decoder (versions before 7.1.2-26 and 6.9.x before 6.9.13-51) enables remote denial of service by repeatedly submitting malformed YUV images that trigger a failed blob open, leaking heap memory on each decode attempt. No confidentiality or integrity impact applies; exposure is limited to availability of image-processing services that accept untrusted input. No public exploit code or active exploitation has been identified at time of analysis.
Memory leak in ImageMagick's TIFF encoder before version 7.1.2-26 enables denial of service via controlled memory allocation failures. An attacker who can submit TIFF images for processing can repeatedly trigger allocation failures, causing the encoder to leak memory without releasing it, ultimately exhausting available system memory. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 2.1 reflects the constrained local attack vector and low availability impact.
Memory leak in ImageMagick's JNG encoder before version 7.1.2-26 enables local resource exhaustion when malformed JNG files cause blob open failures without subsequent memory release. The flaw is classified CWE-401 and carries a CVSS 4.0 score of just 2.1, reflecting a local attack vector, high complexity, and availability-only impact - no confidentiality or integrity loss is possible. No public exploit code and no active exploitation (CISA KEV) have been identified, making this a low-priority finding relevant primarily to services that batch-process untrusted image files.
ImageMagick's hough lines operation leaks a small amount of memory when a specific internal sub-operation fails, affecting the 7.x branch before 7.1.2-26 and the 6.x legacy branch before 6.9.13-51. This CWE-401 flaw is locally exploitable only under high attack complexity with specific prerequisites, producing a low availability impact with no confidentiality or integrity consequence - reflected in the CVSS 4.0 score of 2.1. No public exploit or active exploitation has been identified at time of analysis; this is a low-priority maintenance patch with no realistic threat-actor motivation.
ImageMagick's log colorspace color transformation leaks a small amount of memory when the operation fails, affecting versions prior to 7.1.2-26 and 6.9.13-51. The flaw (CWE-401) resides in an error-handling code path that fails to release allocated memory, meaning repeated invocations that trigger failures could contribute to incremental memory exhaustion. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified; the CVSS 4.0 score of 2.1 reflects the highly constrained and low-impact nature of this issue.
ImageMagick's TIFF encoder leaks a small quantity of memory when a temporary file cannot be created during encoding operations, affecting versions 7.x before 7.1.2-26 and 6.x before 6.9.13-51. The CVSS 4.0 score of 2.1 and vector (AV:L/AC:H/AT:P) place this firmly in minimal-severity territory: exploitation is local, requires high complexity, and depends on a platform-specific precondition. No public exploit has been identified, the flaw is not listed in CISA KEV, and the described impact is limited to a small, incremental availability reduction with no confidentiality or integrity consequences.
Memory exhaustion denial of service in ImageMagick through 7.1.2-18 arises from the ASHLAR coder failing to release a temporary image object when an internal action fails, allowing an attacker who can supply malicious ASHLAR files to a processing pipeline to cumulatively exhaust process memory. The CVSS 4.0 vector (AV:L/UI:P) confirms this is a local-vector attack requiring passive user or pipeline interaction to process the crafted file, not a remote unauthenticated scenario. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; confirmed fixed versions exist for Magick.NET NuGet packages at 14.11.1.