{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25898", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-06T21:08:39.131Z", "datePublished": "2026-02-24T01:18:33.031Z", "dateUpdated": "2026-02-26T15:26:43.363Z"}, "containers": {"cna": {"title": "Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": ">= 7.0.0, < 7.1.2-15", "status": "affected"}, {"version": "< 6.9.13-40", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T01:18:33.031Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "source": {"advisory": "GHSA-vpxv-r9pg-7gpr", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T15:26:22.441113Z", "id": "CVE-2026-25898", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:26:43.363Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25898", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T15:26:22.441113Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:26:37.444Z"}}], "cna": {"title": "Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer", "source": {"advisory": "GHSA-vpxv-r9pg-7gpr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.1.2-15"}, {"status": "affected", "version": "< 6.9.13-40"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T01:18:33.031Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25898", "state": "PUBLISHED", "dateUpdated": "2026-02-26T15:26:43.363Z", "dateReserved": "2026-02-06T21:08:39.131Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-24T01:18:33.031Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6F44A65-1733-4752-AAD0-BCCC7BDBC877", "versionEndExcluding": "6.9.13-40", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AFFD439-1068-4B6F-AE01-724AC62CDCEA", "versionEndExcluding": "7.1.2-15", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}, {"lang": "es", "value": "ImageMagick es software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. Antes de las versiones 7.1.2-15 y 6.9.13-40, el codificador de im\u00e1genes UIL y XPM no valida el valor del \u00edndice de p\u00edxel devuelto por 'GetPixelIndex()' antes de usarlo como sub\u00edndice de una matriz. En las compilaciones HDRI, 'Quantum' es un tipo de punto flotante, por lo que los valores del \u00edndice de p\u00edxel pueden ser negativos. Un atacante puede crear una imagen con valores de \u00edndice de p\u00edxel negativos para activar una lectura de desbordamiento de b\u00fafer global durante la conversi\u00f3n, lo que lleva a la revelaci\u00f3n de informaci\u00f3n o a un fallo del proceso. Las versiones 7.1.2-15 y 6.9.13-40 contienen un parche."}], "id": "CVE-2026-25898", "lastModified": "2026-02-25T11:53:20.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-24T02:16:01.000", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Information disclosure or denial of service via crafted image with invalid pixel index", "id": "2442102", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442102"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in ImageMagick. A remote attacker can exploit this vulnerability by crafting a malicious image file. The UIL and XPM image encoders do not properly validate pixel index values, which can become negative in High Dynamic Range Imaging (HDRI) builds. This improper validation leads to a global buffer overflow read, potentially resulting in information disclosure or a denial of service (DoS) due to a process crash."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-25898", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-02-24T01:18:33Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25898\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25898\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr"], "statement": "This MODERATE impact vulnerability in ImageMagick's UIL and XPM image encoders allows for a global buffer overflow read when processing specially crafted images with negative pixel index values. This flaw can lead to information disclosure or a denial of service. Red Hat Enterprise Linux and Community Projects that include ImageMagick are affected.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.1.2-15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-40)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "analysis": {"en": {"generated_at": "2026-04-18T10:59:59.311723+00:00", "value": {"mitigation_remediation": ["Update ImageMagick to version 7.1.2-15 or 6.9.13-40, which includes the index validation patch for UIL and XPM encoders.", "If the UIL or XPM image writers are not required by your application, disable or remove them to reduce the attack surface associated with negative pixel indices.", "Implement a pre\u2011processing check that validates all pixel indices are non\u2011negative before invoking GetPixelIndex(), or use a trusted image sanitizer to block images that attempt to use out\u2011of\u2011bounds values."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure / Crash"}, "threat_synthesis": {"affected_systems": "Any deployment of ImageMagick prior to version 7.1.2\u201115 and 6.9.13\u201140 is susceptible. The affected product is the ImageMagick library, used by a wide range of image\u2011processing applications, both on servers and on client machines. Versions older than the stated thresholds lack the patch that validates the pixel index before array subscripting.", "description_and_impact": "ImageMagick libraries encode images in UIL and XPM formats without validating the pixel index returned by GetPixelIndex(). In builds where Quantum is a floating-point type, negative indices can be produced, allowing a crafted image to overflow a buffer read. The resulting out\u2011of\u2011bounds read can leak memory contents to the calling process or cause a crash, potentially exposing sensitive data or interrupting service but does not provide remote code execution. The vulnerability is classified under CWE\u2011125 \u2013 Out\u2011of\u2011Bounds Read.", "risk_and_exploitability": "The CVSS score of 6.5 indicates medium severity, while the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply a malicious image that the vulnerable application processes, which can be achieved via remote upload or local privilege if the application is invoked with user data. The lack of code\u2011execution capability keeps the risk moderate, but the information disclosure angle motivates prompt remediations."}}}}, "created": "2026-02-24T09:54:02.663284+00:00", "updated": "2026-04-18T11:00:05.753576+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}