{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25986", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-09T17:41:55.857Z", "datePublished": "2026-02-24T01:44:34.711Z", "dateUpdated": "2026-02-28T02:06:51.578Z"}, "containers": {"cna": {"title": "ImageMagick has a heap buffer overflow in YUV 4:2:2 decoder", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": ">= 7.0.0, < 7.1.2-15", "status": "affected"}, {"version": "< 6.9.13-40", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T01:44:34.711Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "source": {"advisory": "GHSA-mqfc-82jx-3mr2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-28T02:06:36.205100Z", "id": "CVE-2026-25986", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-28T02:06:51.578Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25986", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-28T02:06:36.205100Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-28T02:06:45.987Z"}}], "cna": {"title": "ImageMagick has a heap buffer overflow in YUV 4:2:2 decoder", "source": {"advisory": "GHSA-mqfc-82jx-3mr2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.1.2-15"}, {"status": "affected", "version": "< 6.9.13-40"}]}], "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2", "name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T01:44:34.711Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25986", "state": "PUBLISHED", "dateUpdated": "2026-02-28T02:06:51.578Z", "dateReserved": "2026-02-09T17:41:55.857Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-24T01:44:34.711Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6F44A65-1733-4752-AAD0-BCCC7BDBC877", "versionEndExcluding": "6.9.13-40", "vulnerable": true}, {"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AFFD439-1068-4B6F-AE01-724AC62CDCEA", "versionEndExcluding": "7.1.2-15", "versionStartIncluding": "7.0.0-0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch."}, {"lang": "es", "value": "ImageMagick es un software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. Antes de las versiones 7.1.2-15 y 6.9.13-40, existe una vulnerabilidad de escritura por desbordamiento de b\u00fafer de pila en ReadYUVImage() (coders/yuv.c) al procesar im\u00e1genes YUV 4:2:2 (NoInterlace) maliciosas. El bucle de pares de p\u00edxeles escribe un p\u00edxel m\u00e1s all\u00e1 del b\u00fafer de fila asignado. Las versiones 7.1.2-15 y 6.9.13-40 contienen un parche."}], "id": "CVE-2026-25986", "lastModified": "2026-02-25T15:53:11.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-24T02:16:02.780", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Denial of Service via malicious YUV image processing", "id": "2442111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442111"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-805", "details": ["A flaw was found in ImageMagick. A heap buffer overflow vulnerability exists when processing specially crafted YUV 4:2:2 (NoInterlace) images. A remote attacker could exploit this by providing a malicious image, leading to a denial of service (DoS) due to a write beyond the allocated buffer."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, avoid processing untrusted YUV 4:2:2 image files with ImageMagick. If ImageMagick is used in automated workflows or server-side applications, consider implementing sandboxing mechanisms to limit the potential impact of processing malicious input. Ensure that ImageMagick instances are not exposed to untrusted input sources without proper validation and isolation."}, "name": "CVE-2026-25986", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-02-24T01:44:34Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25986\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25986\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2"], "statement": "This MODERATE impact vulnerability in ImageMagick affects Red Hat Enterprise Linux 6 ELS and 7 ELS. A heap buffer overflow occurs when processing specially crafted YUV 4:2:2 images, which could lead to denial of service or potentially arbitrary code execution. Exploitation requires an attacker to provide a malicious image file to a system using ImageMagick.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.1.2-15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.9.13-40)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "analysis": {"en": {"generated_at": "2026-04-17T15:58:02.774536+00:00", "value": {"mitigation_remediation": ["Apply the official patch by upgrading ImageMagick to version 7.1.2\u201115 or later, or 6.9.13\u201140 or later, whichever series is in use.", "If upgrading is not immediately possible, restrict input by filtering or rejecting YUV 4:2:2 images, or disable YUV decoding functionality if the application permits it.", "Run ImageMagick in a sandboxed or restricted environment and monitor logs for abnormal image decoding attempts to contain potential exploitation."], "summary": {"action": "Patch", "impact": "Heap Buffer Overflow"}, "threat_synthesis": {"affected_systems": "Vendors and products identified by the CNA are ImageMagick ImageMagick. The affectation covers all releases earlier than 7.1.2\u201115 in the 7.x branch and earlier than 6.9.13\u201140 in the 6.x branch. These versions are widely deployed on Linux distributions, macOS, Windows, and embedded systems that employ ImageMagick for image processing.\n", "description_and_impact": "ImageMagick processes image files, and a flaw in the YUV 4:2:2 decoder writes one pixel beyond the allocated row buffer during the pixel\u2011pair loop, creating a heap buffer overflow. This out\u2011of\u2011bounds write can corrupt adjacent memory, and based on the description it is inferred that an attacker might be able to achieve either a denial\u2011of\u2011service crash or, if the memory corruption is exploitable, arbitrary\u2011code execution.\nThe weakness is characterized by CWE\u2011787 (Out\u2011of\u2011Bounds Write) and CWE\u2011805 (Incorrect Calculation or Use of Buffer Size).\n\nBased on the description, it is inferred that the primary attack vector involves supplying a maliciously crafted YUV 4:2:2 image to any component that invokes ImageMagick\u2019s decoder.\n\nThe vulnerability can affect any process or service that performs image manipulation using ImageMagick without restricting the input image formats.\n", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate severity, while the EPSS value of less than 1% signifies a very low probability of exploitation at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog.\nExploitation requires an attacker to supply a specially crafted YUV 4:2:2 file to a vulnerable instance of ImageMagick; the heap overflow occurs during the pixel\u2011pair loop and writes one pixel beyond the allocated row buffer. Based on the code path described, an attacker can trigger the flaw by submitting the file to any image\u2011processing routine that uses the YUV 4:2:2 decoder.\nThe potential impact of exploitation ranges from an application crash to, depending on the exploit feasibility, arbitrary code execution.\n"}}}}, "created": "2026-02-24T09:53:42.298449+00:00", "updated": "2026-04-17T16:00:11.389906+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}