Overview

File ImageMagick-CVE-2026-25796.patch of Package ImageMagick.42998

From 93ad259ce4f6d641eea0bee73f374af90f35efc3 Mon Sep 17 00:00:00 2001
From: Dirk Lemstra <dirk@lemstra.org>
Date: Fri, 6 Feb 2026 21:10:47 +0100
Subject: [PATCH] Prevent memory leak in early exits (GHSA-g2pr-qxjg-7r2w)

---
 coders/stegano.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/coders/stegano.c b/coders/stegano.c
index 1b5b366063a..f3aa0f81046 100644
--- a/coders/stegano.c
+++ b/coders/stegano.c
@@ -150,15 +150,22 @@ static Image *ReadSTEGANOImage(const ImageInfo *image_info,
     return(DestroyImage(image));
   watermark->depth=MAGICKCORE_QUANTUM_DEPTH;
   if (AcquireImageColormap(image,MaxColormapSize,exception) == MagickFalse)
-    ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+    {
+      watermark=DestroyImage(watermark);
+      ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+    }
   if (image_info->ping != MagickFalse)
     {
+      watermark=DestroyImage(watermark);
       (void) CloseBlob(image);
       return(GetFirstImageInList(image));
     }
   status=SetImageExtent(image,image->columns,image->rows,exception);
   if (status == MagickFalse)
-    return(DestroyImageList(image));
+    {
+      watermark=DestroyImage(watermark);
+      return(DestroyImageList(image));
+    }
   for (y=0; y < (ssize_t) image->rows; y++)
   {
     q=QueueAuthenticPixels(image,0,y,image->columns,1,exception);
openSUSE Build Service is sponsored by
Places