CVE-2026-25986
published 2026-02-24CVE-2026-25986: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow…
PriorityP358critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.46%
36.6th percentile
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | imagemagick | < imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) | imagemagick 8:6.9.11.60+dfsg-1.6+deb12u7 (bookworm) |
| imagemagick | imagemagick | < 6.9.13-40 | 6.9.13-40 |
| imagemagick | imagemagick | — | — |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.3+deb11u10 | 8:6.9.11.60+dfsg-1.3+deb11u10 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.6+deb12u7 | 8:6.9.11.60+dfsg-1.6+deb12u7 |
| imagemagick | imagemagick | >= 0 < 8:7.1.1.43+dfsg1-1+deb13u6 | 8:7.1.1.43+dfsg1-1+deb13u6 |
| imagemagick | imagemagick | >= 0 < 8:7.1.2.15+dfsg1-1 | 8:7.1.2.15+dfsg1-1 |
| imagemagick | imagemagick | >= 0 < 8:6.7.7.10-6ubuntu3.13+esm19 | 8:6.7.7.10-6ubuntu3.13+esm19 |
| imagemagick | imagemagick | >= 0 < 8:6.8.9.9-7ubuntu5.16+esm18 | 8:6.8.9.9-7ubuntu5.16+esm18 |
| imagemagick | imagemagick | >= 0 < 8:6.9.7.4+dfsg-16ubuntu6.15+esm10 | 8:6.9.7.4+dfsg-16ubuntu6.15+esm10 |
| imagemagick | imagemagick | >= 0 < 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm8 | 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm8 |
| imagemagick | imagemagick | >= 0 < 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8 | 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8 |
| imagemagick | imagemagick | >= 0 < 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7 | 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7 |
| imagemagick | imagemagick | >= 7.0.0-0 < 7.1.2-15 | 7.1.2-15 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
vendor_ubuntu6.5MEDIUM
vendor_debian5.3MEDIUM
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
ImageMagick has heap buffer overflow in YUV 4:2:2 decoder
osv·2026-03-12
CVE-2026-25986 [MEDIUM] ImageMagick has heap buffer overflow in YUV 4:2:2 decoder
ImageMagick has heap buffer overflow in YUV 4:2:2 decoder
A heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer.
```
==204642==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5170000002e0 at pc 0x562d21a7e8de bp 0x7fffa9ae1270 sp 0x7fffa9ae1260
WRITE of size 8 at 0x5170000002e0 thread T0
```
GHSA
ImageMagick has heap buffer overflow in YUV 4:2:2 decoder
ghsa·2026-03-12
CVE-2026-25986 [MEDIUM] CWE-787 ImageMagick has heap buffer overflow in YUV 4:2:2 decoder
ImageMagick has heap buffer overflow in YUV 4:2:2 decoder
A heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer.
```
==204642==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x5170000002e0 at pc 0x562d21a7e8de bp 0x7fffa9ae1270 sp 0x7fffa9ae1260
WRITE of size 8 at 0x5170000002e0 thread T0
```
OSV
imagemagick vulnerabilities
osv·2026-03-04·CVSS 9.8
CVE-2026-25897 [CRITICAL] imagemagick vulnerabilities
imagemagick vulnerabilities
It was discovered that ImageMagick did not properly decode certain SUN
image files. An attacker could use this issue to cause ImageMagick to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-25897)
It was discovered that ImageMagick did not properly validate pixel index
values when writing UIL and XPM image files. An attacker could use this issue
to cause ImageMagick to crash, resulting in a denial of service, or possibly
obtain sensitive information. (CVE-2026-25898)
It was discovered that ImageMagick's MSL decoder did not properly handle
certain attribute values. An attacker could use this issue to cause ImageMagick
to crash, resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-25968)
It was d
OSV
CVE-2026-25986: ImageMagick is free and open-source software used for editing and manipulating digital images
osv·2026-02-24·CVSS 9.8
CVE-2026-25986 [CRITICAL] CVE-2026-25986: ImageMagick is free and open-source software used for editing and manipulating digital images
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Ubuntu
ImageMagick vulnerabilities
vendor_ubuntu·2026-03-04·CVSS 6.5
CVE-2026-25968 [MEDIUM] ImageMagick vulnerabilities
Title: ImageMagick vulnerabilities
Summary: Several security issues were fixed in ImageMagick.
It was discovered that ImageMagick did not properly decode certain SUN
image files. An attacker could use this issue to cause ImageMagick to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-25897)
It was discovered that ImageMagick did not properly validate pixel index
values when writing UIL and XPM image files. An attacker could use this issue
to cause ImageMagick to crash, resulting in a denial of service, or possibly
obtain sensitive information. (CVE-2026-25898)
It was discovered that ImageMagick's MSL decoder did not properly handle
certain attribute values. An attacker could use this issue to cause ImageMagick
to crash, resulting in a denial of ser
Red Hat
ImageMagick: ImageMagick: Denial of Service via malicious YUV image processing
vendor_redhat·2026-02-24·CVSS 5.3
CVE-2026-25986 [MEDIUM] CWE-805 ImageMagick: ImageMagick: Denial of Service via malicious YUV image processing
ImageMagick: ImageMagick: Denial of Service via malicious YUV image processing
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
A flaw was found in ImageMagick. A heap buffer overflow vulnerability exists when processing specially crafted YUV 4:2:2 (NoInterlace) images. A remote attacker could exploit this by providing a malicious image, leading to a denial of service (DoS) due to a write beyond the allocated buffer.
Statement: This MODERATE imp
Debian
CVE-2026-25986: imagemagick - ImageMagick is free and open-source software used for editing and manipulating d...
vendor_debian·2026·CVSS 5.3
CVE-2026-25986 [MEDIUM] CVE-2026-25986: imagemagick - ImageMagick is free and open-source software used for editing and manipulating d...
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Scope: local
bookworm: resolved (fixed in 8:6.9.11.60+dfsg-1.6+deb12u7)
bullseye: resolved (fixed in 8:6.9.11.60+dfsg-1.3+deb11u10)
forky: resolved (fixed in 8:7.1.2.15+dfsg1-1)
sid: resolved (fixed in 8:7.1.2.15+dfsg1-1)
trixie: resolved (fixed in 8:7.1.1.43+dfsg1-1+deb13u6)
No detection rules found.
No public exploits indexed.
2026-02-24
Published