Search for vulnerabilities
| Vulnerability ID | VCID-s5bc-6ud4-t3a7 |
| Aliases |
CVE-2026-25638
GHSA-gxcx-qjqp-8vjw |
| Summary | ImageMagick has memory leak in msl encoder Memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasing these allocated resources. ``` ==78983== Memcheck, a memory error detector ==78983== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al. ==78983== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info ==78983== ==78983== 177,196 (13,512 direct, 163,684 indirect) bytes in 1 blocks are definitely lost in loss record 21 of 21 ==78983== at 0x4846828: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ``` |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| epss | 0.0002 | https://api.first.org/data/v1/epss?cve=CVE-2026-25638 |
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-gxcx-qjqp-8vjw |
| cvssv3.1_qr | MODERATE | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gxcx-qjqp-8vjw |
| Percentile | 0.05832 |
| EPSS Score | 0.0002 |
| Published At | May 30, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-30T21:06:47.712520+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-HDRI-x64/CVE-2026-25638.yml | 38.6.0 |