GHSA-QP59-X883-77QV

Leaking Bytes in the Fast Lane: ImageMagick OpenCL DoS

Alon Barad

Software Engineer

Jan 21, 2026·4 min read·8 visits

PoC Available

Executive Summary (TL;DR)

ImageMagick's `opencl.c` fails to properly free allocated string members within a struct when parsing malformed OpenCL device profile XMLs. While the struct container is freed, the internal pointers remain allocated, leading to a memory leak. Repeated triggering can cause Denial of Service (DoS) via OOM.

A memory leak vulnerability in ImageMagick's OpenCL device benchmark loader allows attackers to exhaust system resources via malformed XML profiles.

Attack Flow Diagram

Official Patches

ImageMagickOfficial fix commit in MagickCore

Fix Analysis (1)

Technical Appendix

CVSS Score

6.5/ 10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected Systems

ImageMagick 7.1.2-12 and earlierMagick.NET prior to 14.10.2

Affected Versions Detail

Product	Affected Versions	Fixed Version
ImageMagick ImageMagick Studio LLC	<= 7.1.2-12	7.1.2-13
Magick.NET dlemstra	< 14.10.2	14.10.2

Attribute	Detail
CWE ID	CWE-401 (Memory Leak)
Attack Vector	Local / Network (File Context)
CVSS	6.5 (Medium)
Impact	Denial of Service (DoS)
Component	OpenCL Device Benchmark Loader
Exploit Status	PoC Available

MITRE ATT&CK Mapping

T1499Endpoint Denial of Service

Impact

T1005Data from Local System

Collection

CWE-401

Memory Leak

Missing Release of Memory after Effective Lifetime

Known Exploits & Detection

GitHubReproduction details and ASAN output provided by reporters.

Vulnerability Timeline

Vulnerability Published

2026-01-21

Patch Released in 7.1.2-13

2026-01-21

Subscribe to updates

Get the latest CVE analysis reports delivered to your inbox.