PT-2026-21600 · Unknown · Imagemagick

Ylwango613 · Published 2026-02-24 · Updated 2026-05-11 · CVE-2026-25794

CVSS v3.1: 8.2 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ImageMagick versions prior to 7.1.2-15

Description

ImageMagick is software used for editing and manipulating digital images. The WriteUHDRImage function in coders/uhdr.c uses 32-bit integer arithmetic to calculate the pixel buffer size. When image dimensions are large, this calculation can overflow, resulting in an undersized heap allocation. Writing pixel data into that buffer can crash the process or potentially lead to an out-of-bounds heap write.

Recommendations

Update to ImageMagick version 7.1.2-15 or later.
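
The failure mode in the description, as an added example (not ImageMagick's code and not its patch): a size product computed in 32 bits wraps, while a checked size_t computation rejects sizes that cannot be represented. The function names, the 8 bytes per pixel and the dimensions are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed for illustration: 4 channels of 2-byte samples per pixel. */
#define BYTES_PER_PIXEL 8u

/* Unsafe pattern: the product is computed in 32 bits and wraps modulo 2^32
   before it is widened to size_t. uint32_t keeps the wrap well defined. */
static size_t buffer_size_32bit(uint32_t columns, uint32_t rows)
{
    uint32_t bytes = columns * rows * BYTES_PER_PIXEL;
    return (size_t) bytes;
}

/* Hardened pattern: each multiplication is checked against SIZE_MAX in
   size_t. Returns 0 on success, -1 if the size is not representable. */
static int buffer_size_checked(size_t columns, size_t rows, size_t *out)
{
    if (columns == 0 || rows == 0)
        return -1;
    if (columns > SIZE_MAX / rows)
        return -1;
    size_t pixels = columns * rows;
    if (pixels > SIZE_MAX / BYTES_PER_PIXEL)
        return -1;
    *out = pixels * BYTES_PER_PIXEL;
    return 0;
}

int main(void)
{
    /* Constructed dimensions: 32768 x 16385 pixels. */
    uint32_t columns = 32768, rows = 16385;
    size_t checked = 0;
    int rc = buffer_size_checked(columns, rows, &checked);

    printf("32-bit size : %zu bytes\n", buffer_size_32bit(columns, rows));
    if (rc == 0)
        printf("checked size: %zu bytes\n", checked);
    else
        printf("checked size: rejected (not representable)\n");
    return 0;
}
```

With these constructed dimensions the true size is 2^32 + 2^18 bytes, so the 32-bit result is only 2^18 bytes; an allocation of that size followed by a write of the full image is the undersized-buffer condition the description refers to.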

Exploit · Fix · RCE · Heap Based Buffer Overflow · Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-25794
ECHO-D0BC-1155-4868
GHSA-VHQJ-F5CJ-9X8H
OESA-2026-1452
OESA-2026-1454
OESA-2026-1455
OESA-2026-1456
OESA-2026-1457
OPENSUSE-SU-2026:10267-1
OPENSUSE-SU-2026:20337-1
USN-8263-1

Affected Products

Imagemagick