DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-9R56-3GJQ-HQF7: GHSA-9R56-3GJQ-HQF7: Memory Leak in ImageMagick META Reader Error Path

#security #cve #cybersecurity #ghsa

GHSA-9R56-3GJQ-HQF7: Memory Leak in ImageMagick META Reader Error Path

Vulnerability ID: GHSA-9R56-3GJQ-HQF7
CVSS Score: 3.3
Published: 2026-03-26

ImageMagick and its downstream wrapper libraries, including Magick.NET, contain a memory leak vulnerability in the META reader component. The flaw, identified as CWE-401, resides in the APP1JPEG input and error handling paths within coders/meta.c. When processing malformed image profiles, the application fails to release allocated memory structures, allowing an attacker to trigger memory exhaustion and subsequent Denial of Service (DoS) by submitting specially crafted files.

TL;DR

A memory leak in ImageMagick's META reader allows attackers to cause memory exhaustion and Denial of Service (DoS) via crafted image files that trigger an unhandled error path during JPEG embedding.

⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-401
  • Attack Vector: Local / Network (File Parsing)
  • Impact: Denial of Service (Memory Exhaustion)
  • Exploit Status: Proof-of-Concept
  • CVSS Score: 3.3
  • Remediation: Patch Available

Affected Systems

  • ImageMagick
  • Magick.NET-Q16-AnyCPU
  • Magick.NET-Q16-HDRI-OpenMP-arm64
  • ImageMagick: < bee248ee853a686a969fae9cfb1e02dd5aae245b (Fixed in: bee248ee853a686a969fae9cfb1e02dd5aae245b)
  • Magick.NET-Q16-AnyCPU: < 14.11.1 (Fixed in: 14.11.1)
  • Magick.NET-Q16-HDRI-OpenMP-arm64: < 14.11.1 (Fixed in: 14.11.1)

Code Analysis

Commit: bee248e

Fix memory leak in META reader APP1JPEG error path and profile handling

Mitigation Strategies

  • Update ImageMagick binaries to a release containing commit bee248e.
  • Update Magick.NET NuGet dependencies to version 14.11.1 or later.
  • Enforce strict memory quotas (cgroups) on image processing containers.
  • Recycle background worker processes periodically to release unmanaged memory.

Remediation Steps:

  1. Identify all applications and services dependent on ImageMagick or Magick.NET.
  2. Verify current versions of the library in use.
  3. Update the project package files or base container images to pull the patched versions.
  4. Deploy the updated components to a staging environment and run standard image processing test suites to verify compatibility.
  5. Deploy the patched services to production and monitor memory consumption metrics to confirm the leak is resolved.

References

Read the full report for GHSA-9R56-3GJQ-HQF7 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)