PT-2026-21624 · ImageMagick

Ylwango613 · Published 2026-02-06 · Updated 2026-05-11

CVE-2026-25898
CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
ImageMagick versions prior to 7.1.2-15
ImageMagick versions prior to 6.9.13-40

Description
ImageMagick is software for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoders do not validate the pixel index value returned by GetPixelIndex() before using it as a colormap index. In builds with High Dynamic Range Imaging (HDRI) enabled, the Quantum type is a floating-point type, so a pixel index can be negative. An attacker can craft an image with negative pixel index values that, when converted to UIL or XPM, triggers an out-of-bounds read, potentially leading to information disclosure or a process crash.

Recommendations
Update to ImageMagick version 7.1.2-15 or later (7.x series), or to 6.9.13-40 or later (6.x series).
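The unchecked index use the description refers to, shown as an added toy C program that is not ImageMagick's own uil.c/xpm.c code: the ToyImage type, the float Quantum, the 4-entry colormap and the sample index values are all constructed here for illustration. The unchecked path only reports the offset it would read from, so the program stays defined; the checked path is the kind of range validation the fixed versions apply before a Quantum index reaches the colormap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not ImageMagick's real types: in an HDRI build Quantum is a
 * floating-point type, so the per-pixel index channel can hold negative
 * (or fractional, or NaN) values that a plain integer index never could. */
typedef float Quantum;

typedef struct {
    const uint8_t *colormap;  /* one byte per colormap entry */
    size_t colors;            /* number of valid colormap entries */
    const Quantum *index;     /* per-pixel index channel, one Quantum per pixel */
    size_t width;             /* number of pixels in the row */
} ToyImage;

/* Unchecked pattern: the Quantum index is cast straight to a signed
 * integer and treated as a colormap offset. This function returns that
 * offset instead of dereferencing it, so out-of-range values can be
 * observed without triggering undefined behaviour. On the vulnerable
 * path, a negative or oversized offset here becomes an out-of-bounds read
 * of colormap[offset]. Callers must not pass a NaN index (casting NaN to
 * an integer is itself undefined). */
ptrdiff_t raw_colormap_offset(const ToyImage *img, size_t x)
{
    return (ptrdiff_t) img->index[x];
}

/* Hardened lookup: validate the Quantum against [0, colors) before it is
 * used as an index. Returns the colormap entry (0..255) on success, or -1
 * when the pixel's index is negative, NaN, or >= colors. The comparison is
 * written as !(q >= 0) so that NaN is rejected too. */
int checked_colormap_lookup(const ToyImage *img, size_t x)
{
    Quantum q = img->index[x];
    if (!(q >= (Quantum) 0))
        return -1;
    if (q >= (Quantum) img->colors)
        return -1;
    return img->colormap[(size_t) q];  /* fractional values truncate toward zero */
}

/* Encoder-style loop over the row using the hardened lookup; returns how
 * many pixels were rejected, i.e. how many reads the unchecked path would
 * have made outside the colormap. */
size_t count_rejected_pixels(const ToyImage *img)
{
    size_t rejected = 0;
    for (size_t x = 0; x < img->width; x++)
        if (checked_colormap_lookup(img, x) < 0)
            rejected++;
    return rejected;
}

/* Constructed sample: a 4-entry colormap and a 6-pixel row whose index
 * channel contains the kind of values a crafted HDRI image could carry. */
static const uint8_t sample_colormap[4] = { 0x10, 0x20, 0x30, 0x40 };
static const Quantum sample_index[6] = { 0.0f, 3.0f, -1.0f, 2.5f, -7.0f, 9.0f };
const ToyImage sample_image = { sample_colormap, 4, sample_index, 6 };

int main(void)
{
    for (size_t x = 0; x < sample_image.width; x++)
        printf("pixel %zu: index=%g raw_offset=%td checked=%d\n",
               x, (double) sample_image.index[x],
               raw_colormap_offset(&sample_image, x),
               checked_colormap_lookup(&sample_image, x));
    printf("rejected: %zu of %zu\n",
           count_rejected_pixels(&sample_image), sample_image.width);
    return 0;
}
```

Any C99 compiler builds it. Only HDRI builds have a floating-point Quantum: `magick -version` (or `convert -version` on the 6.x series) lists HDRI under Features, so a build without it is not on the negative-index path, though updating to the fixed versions above remains the recommendation.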

Weakness Enumeration

Out-of-bounds Read (CWE-125)

Related Identifiers

BDU:2026-06711
CVE-2026-25898
ECHO-0472-DF21-4262
GHSA-VPXV-R9PG-7GPR
OESA-2026-1452
OESA-2026-1453
OESA-2026-1454
OESA-2026-1455
OESA-2026-1456
OESA-2026-1457
OPENSUSE-SU-2026:10267-1
OPENSUSE-SU-2026:20337-1
SUSE-SU-2026:0851-1
SUSE-SU-2026:0852-1
SUSE-SU-2026:0853-1
USN-8069-1
USN-8263-1

Affected Products

Imagemagick
Linuxmint
Ubuntu