{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25983", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-09T17:41:55.857Z", "datePublished": "2026-02-24T01:41:45.480Z", "dateUpdated": "2026-02-28T02:04:51.222Z"}, "containers": {"cna": {"title": "ImageMagick has Use After Free in MSLStartElement in \"coders/msl.c\"", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "lang": "en", "description": "CWE-416: Use After Free", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": ">= 7.0.0, < 7.1.2-15", "status": "affected"}, {"version": "< 6.9.13-40", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T01:41:45.480Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "source": {"advisory": "GHSA-fwqw-2x5x-w566", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-28T02:04:31.389471Z", "id": "CVE-2026-25983", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-28T02:04:51.222Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25983", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-28T02:04:31.389471Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-28T02:04:45.793Z"}}], "cna": {"title": "ImageMagick has Use After Free in MSLStartElement in \"coders/msl.c\"", "source": {"advisory": "GHSA-fwqw-2x5x-w566", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.1.2-15"}, {"status": "affected", "version": "< 6.9.13-40"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T01:41:45.480Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25983", "state": "PUBLISHED", "dateUpdated": "2026-02-28T02:04:51.222Z", "dateReserved": "2026-02-09T17:41:55.857Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-24T01:41:45.480Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6F44A65-1733-4752-AAD0-BCCC7BDBC877", "versionEndExcluding": "6.9.13-40", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AFFD439-1068-4B6F-AE01-724AC62CDCEA", "versionEndExcluding": "7.1.2-15", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}, {"lang": "es", "value": "ImageMagick es un software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. Antes de las versiones 7.1.2-15 y 6.9.13-40, un script MSL manipulado desencadena un uso despu\u00e9s de liberaci\u00f3n en el heap. El gestor del elemento de operaci\u00f3n reemplaza y libera la imagen mientras el analizador contin\u00faa leyendo de ella, lo que lleva a un UAF en ReadBlobString durante un an\u00e1lisis posterior. Las versiones 7.1.2-15 y 6.9.13-40 contienen un parche."}], "id": "CVE-2026-25983", "lastModified": "2026-02-25T15:53:20.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-24T02:16:02.463", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Denial of service via crafted MSL script", "id": "2442113", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442113"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in ImageMagick. A remote attacker could exploit a heap-use-after-free (UAF) vulnerability by providing a specially crafted MSL script. This vulnerability occurs when the operation element handler replaces and frees an image while the parser continues to read from it. Successful exploitation could lead to a denial of service."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, avoid processing untrusted or unverified image files, particularly those in MSL format, with ImageMagick. Implement strict input validation and sanitization for any user-supplied image data before it is processed by ImageMagick to reduce the attack surface."}, "name": "CVE-2026-25983", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-02-24T01:41:45Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25983\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25983\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566"], "statement": "This MODERATE impact vulnerability in ImageMagick allows a remote attacker to cause a denial of service or potentially execute arbitrary code through a heap-use-after-free flaw when processing a specially crafted MSL script. Red Hat Enterprise Linux 6 ELS and 7 ELS are affected if ImageMagick is installed and used to process untrusted image files.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.1.2-15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-40)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "analysis": {"en": {"generated_at": "2026-04-17T15:58:12.974879+00:00", "value": {"mitigation_remediation": ["Upgrade ImageMagick to version 7.1.2-15 or later, or 6.9.13-40 or later, ensuring that the applied package includes the fix.", "If an immediate upgrade is not possible, recompile or configure ImageMagick with MSL support disabled to prevent parsing of MSL scripts.", "After applying the upgrade or disabling MSL, test image processing workflows for stability and monitor logs for unexpected crashes or abnormal memory usage."], "summary": {"action": "Apply Patch", "impact": "Memory Corruption"}, "threat_synthesis": {"affected_systems": "ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are affected. The vulnerability resides in the core image processing library and applies to any deployment that processes MSL scripts, including web applications, content management systems, or other services that manipulate images with ImageMagick.", "description_and_impact": "A crafted Microsoft Scripting Language (MSL) file can trigger a heap-use-after-free in ImageMagick\u2019s MSLStartElement handler. When the operation element replaces and frees an image, the parser continues to read from the released memory, causing a use-after-free during a subsequent ReadBlobString. This memory corruption vulnerability may lead to application crashes or, in a worst\u2011case scenario, arbitrary code execution if the corrupted state is exploitable. The weakness is identified as CWE-416 and CWE-825.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% shows a low probability of exploitation in the near term. The vulnerability is not listed in CISA\u2019s KEV catalog. The likely attack vector is the injection of a malicious MSL script that an application processes during image handling, inferred from the description of the vulnerability. Consequently, systems that use ImageMagick for image processing should assess exposure, apply the recommended patch, and monitor for anomalous activity."}}}}, "created": "2026-02-24T09:53:45.170484+00:00", "updated": "2026-04-17T16:00:11.390653+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}