{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25576", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-03T01:02:46.714Z", "datePublished": "2026-02-24T00:38:34.337Z", "dateUpdated": "2026-02-26T14:55:10.148Z"}, "containers": {"cna": {"title": "ImageMagick: Out of bounds read in multiple coders read raw pixel data", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j"}, {"name": "https://github.com/ImageMagick/ImageMagick/commit/077b42643212d7da8c1a4f6b2cd0067ebca8ec0f", "tags": ["x_refsource_MISC"], "url": "https://github.com/ImageMagick/ImageMagick/commit/077b42643212d7da8c1a4f6b2cd0067ebca8ec0f"}, {"name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": ">= 7.0.0, < 7.1.2-15", "status": "affected"}, {"version": "< 6.9.13-40", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T00:38:34.337Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "source": {"advisory": "GHSA-jv4p-gjwq-9r2j", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T14:54:37.697267Z", "id": "CVE-2026-25576", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:55:10.148Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25576", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T14:54:37.697267Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:55:02.464Z"}}], "cna": {"title": "ImageMagick: Out of bounds read in multiple coders read raw pixel data", "source": {"advisory": "GHSA-jv4p-gjwq-9r2j", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.1.2-15"}, {"status": "affected", "version": "< 6.9.13-40"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ImageMagick/ImageMagick/commit/077b42643212d7da8c1a4f6b2cd0067ebca8ec0f", "name": "https://github.com/ImageMagick/ImageMagick/commit/077b42643212d7da8c1a4f6b2cd0067ebca8ec0f", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3", "name": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T00:38:34.337Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25576", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:55:10.148Z", "dateReserved": "2026-02-03T01:02:46.714Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-24T00:38:34.337Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6F44A65-1733-4752-AAD0-BCCC7BDBC877", "versionEndExcluding": "6.9.13-40", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AFFD439-1068-4B6F-AE01-724AC62CDCEA", "versionEndExcluding": "7.1.2-15", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dlemstra:magick.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5891403-B079-4CD7-BA2A-361146A2F475", "versionEndExcluding": "14.10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}, {"lang": "es", "value": "ImageMagick es un software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. Antes de las versiones 7.1.2-15 y 6.9.13-40, existe una vulnerabilidad de lectura excesiva de b\u00fafer de pila en m\u00faltiples manejadores de formato de imagen raw. La vulnerabilidad se produce al procesar im\u00e1genes con dimensiones -extract mayores que las dimensiones -size, causando lecturas de memoria fuera de l\u00edmites de un b\u00fafer asignado en la pila. Las versiones 7.1.2-15 y 6.9.13-40 contienen un parche."}], "id": "CVE-2026-25576", "lastModified": "2026-02-27T14:33:55.123", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-24T01:16:13.290", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ImageMagick/ImageMagick/commit/077b42643212d7da8c1a4f6b2cd0067ebca8ec0f"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Information disclosure due to heap buffer over-read when processing malformed images", "id": "2442093", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442093"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. This heap buffer over-read vulnerability occurs when processing images where the -extract dimensions are larger than the -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. A remote attacker could exploit this vulnerability to potentially disclose sensitive information."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, avoid processing untrusted or malformed image files with ImageMagick. Users should exercise caution when handling images from untrusted sources."}, "name": "CVE-2026-25576", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-02-24T00:38:34Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25576\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25576\nhttps://github.com/ImageMagick/ImageMagick/commit/077b42643212d7da8c1a4f6b2cd0067ebca8ec0f\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j\nhttps://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"], "statement": "This MODERATE impact vulnerability in ImageMagick is due to a heap buffer over-read when processing images with -extract dimensions larger than -size dimensions. This flaw could lead to out-of-bounds memory reads from a heap-allocated buffer. Red Hat Enterprise Linux and Community Projects are affected if ImageMagick is used to process untrusted image data with these specific parameters.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.1.2-15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-40)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "analysis": {"en": {"generated_at": "2026-04-18T11:00:54.497639+00:00", "value": {"mitigation_remediation": ["Upgrade ImageMagick to version 7.1.2\u201115 or later, or 6.9.13\u201140 or later, to eliminate the heap buffer over-read issue.", "If using the .NET wrapper, migrate to Magick.NET version 14.10.3 or newer, which incorporates the security fix.", "Where a patch or upgrade is not immediately possible, restrict processing of images that use the -extract option with mismatched size parameters, or validate the dimensions before invoking the extractor to avoid triggering the read beyond bounds."], "summary": {"action": "Patch", "impact": "Information Disclosure via Heap Buffer Over-Read"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all versions of ImageMagick earlier than 7.1.2\u201115 and 6.9.13\u201140. The .NET wrapper, Magick.NET, is also affected in releases prior to 14.10.3. Any system running these older versions or processing images through these libraries may be susceptible.", "description_and_impact": "ImageMagick contains a heap buffer over-read in several raw image format handlers. The flaw is triggered when the image dimensions used with the -extract option exceed the dimensions specified with -size, causing the code to read memory beyond the bounds of a buffer. The out-of-bounds read could expose data that should not be readable, leading to potential information disclosure. The weakness is classified as CWE\u2011122 and CWE\u2011125, indicating an overflow/underflow of heap memory and buffer over-read respectively.", "risk_and_exploitability": "The CVSS score of 5.1 reflects moderate severity, and the EPSS score of less than 1% indicates a low probability of exploitation in the wild. Based on the description, the likely attack vector is local or application-level: a malicious image file could be processed by a vulnerable instance of the software, enabling a reader to cause an out-of-bounds read and potentially expose memory contents. The vulnerability is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog, further suggesting limited public exploitation. The risk therefore remains moderate but not trivial, warranting timely remediation."}}}}, "created": "2026-02-24T09:54:15.965986+00:00", "updated": "2026-04-18T11:15:35.899832+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}