new file mode 100644
@@ -0,0 +1,41 @@
+From 0564895c393d0aa21578739ad3126a447a4beace Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk@lemstra.org>
+Date: Fri, 6 Feb 2026 21:10:47 +0100
+Subject: [PATCH] Prevent memory leak in early exits (GHSA-g2pr-qxjg-7r2w)
+
+CVE: CVE-2026-25796
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/93ad259ce4f6d641eea0bee73f374af90f35efc3]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ coders/stegano.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/coders/stegano.c b/coders/stegano.c
+index 9f5eb6b80..b68d6ce6d 100644
+--- a/coders/stegano.c
++++ b/coders/stegano.c
+@@ -150,15 +150,22 @@ static Image *ReadSTEGANOImage(const ImageInfo *image_info,
+ return(DestroyImage(image));
+ watermark->depth=MAGICKCORE_QUANTUM_DEPTH;
+ if (AcquireImageColormap(image,MaxColormapSize,exception) == MagickFalse)
+- ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
++ {
++ watermark=DestroyImage(watermark);
++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
++ }
+ if (image_info->ping != MagickFalse)
+ {
++ watermark=DestroyImage(watermark);
+ (void) CloseBlob(image);
+ return(GetFirstImageInList(image));
+ }
+ status=SetImageExtent(image,image->columns,image->rows,exception);
+ if (status == MagickFalse)
+- return(DestroyImageList(image));
++ {
++ watermark=DestroyImage(watermark);
++ return(DestroyImageList(image));
++ }
+ for (y=0; y < (ssize_t) image->rows; y++)
+ {
+ q=QueueAuthenticPixels(image,0,y,image->columns,1,exception);
@@ -23,6 +23,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
file://CVE-2026-25638.patch \
file://CVE-2026-25794.patch \
file://CVE-2026-25795.patch \
+ file://CVE-2026-25796.patch \
"
SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25796 Backport the patch that mentions the related Github advisory[1] in its commit message. [1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../imagemagick/CVE-2026-25796.patch | 41 +++++++++++++++++++ .../imagemagick/imagemagick_7.1.2-13.bb | 1 + 2 files changed, 42 insertions(+) create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-25796.patch