{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25970", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-09T17:13:54.067Z", "datePublished": "2026-02-24T01:35:36.727Z", "dateUpdated": "2026-02-26T21:33:39.346Z"}, "containers": {"cna": {"title": "ImageMagick SIXEL Decoder Has Signed Integer Overflow, Leading to Memory Corruption", "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": ">= 7.0.0, < 7.1.2-15", "status": "affected"}, {"version": "< 6.9.13-40", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T01:35:36.727Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "source": {"advisory": "GHSA-xg29-8ghv-v4xr", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25970", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T21:02:09.842698Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T21:33:39.346Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6F44A65-1733-4752-AAD0-BCCC7BDBC877", "versionEndExcluding": "6.9.13-40", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AFFD439-1068-4B6F-AE01-724AC62CDCEA", "versionEndExcluding": "7.1.2-15", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}, {"lang": "es", "value": "ImageMagick es un software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. Antes de las versiones 7.1.2-15 y 6.9.13-40, una vulnerabilidad de desbordamiento de entero con signo en el decodificador SIXEL de ImageMagick permite a un atacante activar la corrupci\u00f3n de memoria y la denegaci\u00f3n de servicio al procesar un archivo de imagen SIXEL creado maliciosamente. La vulnerabilidad ocurre durante las operaciones de reasignaci\u00f3n de b\u00fafer donde la aritm\u00e9tica de punteros que utiliza enteros con signo de 32 bits se desborda. Las versiones 7.1.2-15 y 6.9.13-40 contienen un parche."}], "id": "CVE-2026-25970", "lastModified": "2026-02-25T11:57:18.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-24T02:16:01.963", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Memory corruption and denial of service via signed integer overflow in SIXEL decoder.", "id": "2442108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442108"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in ImageMagick. A remote attacker can exploit a signed integer overflow vulnerability in the SIXEL decoder by providing a maliciously crafted SIXEL image file. This vulnerability occurs during buffer reallocation operations and can lead to memory corruption and a denial of service (DoS) condition."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, avoid processing untrusted SIXEL image files with ImageMagick. If ImageMagick is used in an environment where it processes external or untrusted input, consider implementing sandboxing mechanisms to limit the potential impact of a successful exploit."}, "name": "CVE-2026-25970", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-02-24T01:35:36Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25970\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25970\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr"], "statement": "This MODERATE impact vulnerability in ImageMagick's SIXEL decoder can lead to memory corruption and denial of service. It affects Red Hat Enterprise Linux 6 ELS and 7 ELS when processing a specially crafted SIXEL image file. Exploitation requires an attacker to provide a malicious image for processing.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.1.2-15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-40)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "analysis": {"en": {"generated_at": "2026-04-18T17:45:33.437397+00:00", "value": {"mitigation_remediation": ["Update ImageMagick to version 7.1.2\u201115 or newer for the 7.x line, or to 6.9.13\u201140 or newer for the 6.x line to apply the official patch.", "If an update cannot be applied immediately, disable the SIXEL decoder feature in ImageMagick, for example by compiling without SIXEL support or removing the Sixel module, thereby eliminating the execution path that triggers the overflow.", "Sanitize and validate all image files before processing with ImageMagick; reject or quarantine files that contain suspicious or unusually large content to reduce the risk of malicious input reaching the decoder."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All releases of ImageMagick older than 7.1.2\u201115 in the 7.x line and older than 6.9.13\u201140 in the 6.x line are affected. Users running these versions should be aware that the vulnerable SIXEL decoder is present and could be executed when processing image files.", "description_and_impact": "ImageMagick\u2019s SIXEL decoder contains a signed integer overflow in its buffer reallocation logic, which corrupts memory and causes the decoder to crash when processing a malicious image. The weakness is identified as an integer overflow (CWE\u2011190). The effect is a denial of service because the crash terminates the image processing routine and may destabilize the application that called it. The likely attack vector is delivering a crafted SIXEL image file to a program that uses ImageMagick, which is inferred from the description because the vulnerability is triggered during image decoding.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1\u202f% shows a very low but nonzero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires delivering a crafted image file; a local user with write access to a location that an application later reads could trigger the crash, and a remote attacker could target services that accept user\u2011supplied images if those services load them with ImageMagick. These exploitation possibilities are inferred from the description that the overflow occurs during image decoding. The impact remains limited to denial of service, with no indication of additional confidentiality or integrity compromise."}}}}, "created": "2026-02-24T09:53:51.033329+00:00", "updated": "2026-04-18T18:00:06.446621+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}