CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-25638

The Silent RAM Killer: Inside the ImageMagick MSL Memory Leak

Amit Schendel
Amit Schendel
Senior Security Researcher

Feb 24, 2026·6 min read·57 visits

Executive Summary (TL;DR)

A memory leak in ImageMagick's MSL component allows attackers to crash servers via DoS. By sending requests that trigger the `WriteMSLImage` function, the server allocates memory for a cloned image but never frees it. Fix involves patching to 7.1.2-15+ or disabling MSL in policy.xml.

ImageMagick, the ubiquitous Swiss Army knife of image processing, has stumbled again—not with a high-profile Remote Code Execution (RCE) this time, but with a silent killer: a memory leak in the Magick Scripting Language (MSL) encoder. CVE-2026-25638 allows unauthenticated attackers to exhaust server memory by triggering the `WriteMSLImage` function, leading to a Denial of Service (DoS). While less glamorous than shell access, this vulnerability highlights the dangers of legacy components and improper resource management in C.

The Hook: The Forgotten Scripting Language

ImageMagick is the software equivalent of a hoarder's garage. It keeps everything. Did you know ImageMagick has its own XML-based scripting language called MSL (Magick Scripting Language)? Neither did half the developers using it. But in the world of vulnerability research, obscure features are where the bodies are buried.

CVE-2026-25638 targets this specific corner of the codebase: the coders/msl.c module. This component is responsible for interpreting and writing MSL scripts. While modern web applications typically interact with ImageMagick via libraries or CLI wrappers to convert JPEGs to PNGs, the internal machinery still loads these obscure coders if not explicitly forbidden.

This vulnerability isn't the flashy "ImageTragick" RCE that keeps CISOs up at night. It's something more insidious. It's a resource exhaustion bug—a memory leak. It’s the equivalent of opening a new tab in Chrome every time a user visits your site, but never closing it. Eventually, the machine stops responding. For high-throughput image processing pipelines (like those used by social media platforms or e-commerce sites), this is a production-halting nightmare waiting to happen.

The Flaw: A Classic C Blunder

To understand this bug, we have to look at how ImageMagick handles image transformations internally. When the MSL writer is invoked, it needs to perform operations on an image without destroying the original data immediately. To do this, it creates a clone.

In coders/msl.c, the function WriteMSLImage is called. Its job is to take the current image state and process it according to the MSL script provided. The developers correctly identified that they shouldn't modify the input image directly in case the operation failed or needed to be non-destructive initially. So, they called CloneImage.

Here is where the logic falls apart. In C, there is no garbage collector to sweep up after you. If you malloc (or in this case, CloneImage), you must free (or DestroyImageList). The vulnerable code allocates a potentially large structure on the heap to hold the msl_image, passes it to the processing function, and then... just walks away. The function returns the status code, leaving the cloned image stranded in memory. It is an orphan object, occupying RAM, with no pointer left to free it.

The Code: The Smoking Gun

Let's look at the diff. It is painfully simple, which is characteristic of the most annoying bugs to debug. The fix introduced in commit 1e88fca11c7b8517100d518bc99bd8c474f02f88 adds exactly one line of cleanup code.

Here is the vulnerable flow in coders/msl.c:

/* Vulnerable Code */
static MagickBooleanType WriteMSLImage(const ImageInfo *image_info, Image *image,
  ExceptionInfo *exception)
{
  Image *msl_image;
  MagickBooleanType status;
 
  /* ... setup code ... */
 
  /* 1. ALLOCATION: Create a deep copy of the image */
  msl_image = CloneImage(image, 0, 0, MagickTrue, exception);
 
  /* 2. USE: Process the script using the clone */
  status = ProcessMSLScript(image_info, &msl_image, exception);
 
  /* 3. RETURN: The function exits, leaking msl_image! */
  return(status);
}

The fix is the digital equivalent of remembering to turn off the stove:

   msl_image=CloneImage(image,0,0,MagickTrue,exception);
   status=ProcessMSLScript(image_info,&msl_image,exception);
+  msl_image=DestroyImageList(msl_image);
   return(status);

Without that DestroyImageList call, every single request that hits this code path leaks the size of the image structure plus its pixel cache. If you send a 4K image to be processed by MSL, you aren't just leaking a few bytes; you could be leaking dozens of megabytes per request.

The Exploit: Draining the Pool

How do we weaponize a memory leak? We don't need complex shellcode or ROP chains. We just need persistence and volume. The goal is the OOM (Out of Memory) Killer.

The Attack Vector

The attacker needs to force the server to invoke the MSL coder. If the application allows users to upload files and automatically detects the format based on magic bytes or file extension, the attacker can upload a file named payload.msl or simply an XML file with MSL headers.

The Scenario

  1. Recon: The attacker identifies an endpoint like /api/convert or /profile/upload that uses ImageMagick.
  2. Trigger: The attacker constructs a valid (or even semi-valid) MSL script.
    <?xml version="1.0" encoding="UTF-8"?>
    <image>
      <read filename="image.jpg" />
      <resize geometry="100x100" />
      <write filename="output.png" />
    </image>
  3. Amplification: The attacker wraps this request in a script loop. They launch 50 concurrent threads sending this MSL payload repeatedly.
  4. Effect: On the server side, WriteMSLImage is called 50 times a second. Each call clones image.jpg. The heap grows. The garbage collector (if the app wrapper has one) can't help because the leak is inside the C library, outside the managed runtime's view.
  5. Crash: The available RAM hits 100%. The Linux kernel invokes the OOM Killer, which likely terminates the web server process or the magick worker. The service goes dark.

The Mitigation: Patch or Policy

There are two ways to fix this. One is surgical, the other is architectural.

1. The Patch (Surgical)

Obviously, update ImageMagick. The fix is available in versions 7.1.2-15 and 6.9.13-40. This patches the specific leak in coders/msl.c. If you are compiling from source, ensure you have commit 1e88fca applied.

2. The Policy (Architectural)

This is the "Hacker's Choice" for defense. Why does your web server even know how to process MSL scripts? The principle of least privilege applies to code, too. ImageMagick's policy.xml is a powerful firewall for format parsers.

You should explicitly disable the MSL coder (and any others you don't use, like MVG, XPS, or PDF) to reduce your attack surface.

<policymap>
  <!-- Disable MSL completely -->
  <policy domain="coder" rights="none" pattern="MSL" />
  <!-- While you're at it, disable these usually dangerous ones too -->
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
</policymap>

By adding this policy, even if the binary is vulnerable, the exploit fails at step 1 because ImageMagick will refuse to load the MSL module entirely.

Official Patches

ImageMagickOfficial patch commit

Fix Analysis (1)

Technical Appendix

CVSS Score
5.3/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Probability
0.04%
Top 88% most exploited

Affected Systems

ImageMagick 7.x < 7.1.2-15ImageMagick 6.x < 6.9.13-40Web applications handling user-supplied images via ImageMagick

Affected Versions Detail

Product
Affected Versions
Fixed Version
ImageMagick
ImageMagick
>= 7.0.0, < 7.1.2-157.1.2-15
ImageMagick
ImageMagick
< 6.9.13-406.9.13-40
AttributeDetail
CWE IDCWE-401 (Missing Release of Memory)
CVSS v3.15.3 (Medium)
Attack VectorNetwork (AV:N)
ImpactDenial of Service (Availability)
Componentcoders/msl.c (WriteMSLImage)
Exploit MaturityProof of Concept

MITRE ATT&CK Mapping

T1499Endpoint Denial of Service
Impact
T1499.003Application or System Exploitation
Impact
CWE-401
Improper Resource Shutdown or Release

Missing Release of Memory after Effective Lifetime

Known Exploits & Detection

GitHub Security AdvisoryAdvisory containing technical details on the memory leak

Vulnerability Timeline

Patch committed by Dirk Lemstra
2026-02-03
CVE-2026-25638 Published
2026-02-24
GHSA Advisory Released
2026-02-24

References & Sources

  • [1]GHSA-gxcx-qjqp-8vjw
  • [2]NVD CVE-2026-25638

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•6 minutes ago•CVE-2026-48594
8.2

CVE-2026-48594: Decompression Bomb Denial of Service in Elixir Tesla HTTP Client

An improper handling of highly compressed data (decompression bomb) vulnerability exists in the Elixir Tesla HTTP client when utilizing response decompression middlewares. By serving highly compressed responses or stacked content-encoding headers, a malicious server can cause arbitrary heap exhaustion, leading to a denial of service (DoS) crash in the BEAM virtual machine.

Amit Schendel
Amit Schendel
0 views•6 min read
•36 minutes ago•CVE-2026-48595
8.2

CVE-2026-48595: Cross-Origin Credential Leakage in Elixir Tesla Client via Case-Sensitive Redirect Filter Bypass

A high-severity security vulnerability in Elixir's Tesla HTTP client library (CVE-2026-48595) allows unauthenticated remote attackers to harvest sensitive credentials, including Authorization headers and cookies. The flaw resides in the 'Tesla.Middleware.FollowRedirects' component, which performs case-sensitive lookups when stripping credentials during cross-origin redirects. Because HTTP headers are case-insensitive by RFC specifications, standard canonical casing (e.g., 'Authorization') bypasses the lowercase-only blocklist, leaking tokens to untrusted external redirect destinations.

Alon Barad
Alon Barad
2 views•5 min read
•about 1 hour ago•CVE-2026-48597
8.2

CVE-2026-48597: Denial of Service via Atom Table Exhaustion in Elixir Tesla Client (Mint Adapter)

CVE-2026-48597 is a high-severity Denial of Service (DoS) vulnerability in the Elixir HTTP client library Tesla (specifically involving the Mint adapter) that allows an unauthenticated remote attacker to cause an unrecoverable crash of the Erlang Virtual Machine (BEAM). The flaw arises from the dynamic conversion of untrusted URL schemes into Erlang atoms without validation, leading to global atom table exhaustion.

Alon Barad
Alon Barad
3 views•8 min read
•about 2 hours ago•CVE-2026-48598
2.1

CVE-2026-48598: Multipart Part Header Injection and Request Smuggling in elixir-tesla

An Improper Encoding or Escaping of Output vulnerability (CWE-116) in elixir-tesla allowed unauthenticated remote code execution or request smuggling via unescaped Content-Disposition parameters in multipart form-data requests.

Amit Schendel
Amit Schendel
5 views•5 min read
•about 2 hours ago•CVE-2026-49851
7.5

CVE-2026-49851: Algorithmic Complexity Denial of Service in Mistune Markdown Parser

CVE-2026-49851 is a high-severity algorithmic complexity vulnerability in the Mistune Markdown parser. Under specific conditions involving dense, unmatched nesting of opening square brackets, the parser fallback loops degrade from linear execution time to a worst-case quadratic complexity. This allows unauthenticated remote attackers to trigger complete CPU exhaustion and subsequent Denial of Service with a highly compact payload.

Alon Barad
Alon Barad
8 views•6 min read
•about 3 hours ago•CVE-2026-48862
8.2

CVE-2026-48862: Unbounded Resource Allocation via HTTP/2 PUSH_PROMISE Flooding in Mint

An allocation of resources without limits or throttling vulnerability in the Elixir Mint HTTP client library allows malicious HTTP/2 servers to trigger memory exhaustion and application denial of service. The flaw exists because Mint fails to validate server-push concurrency limits during the receipt of PUSH_PROMISE frames, deferring validation to the HEADERS phase. This allows a server to reserve an unlimited number of streams in the client's memory map.

Amit Schendel
Amit Schendel
6 views•7 min read