CVE-2026-25576
Received Received - Intake
Heap Buffer Over-Read in ImageMagick Raw Image Processing

Publication date: 2026-02-24

Last updated on: 2026-02-27

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-02-27
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25576
EUVD
EUVD-2026-7454
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 6.9.13-40 (exc)
imagemagick imagemagick From 7.0.0-0 (inc) to 7.1.2-15 (exc)
dlemstra magick.net to 14.10.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-25576 is a moderate severity heap buffer over-read vulnerability in ImageMagick, a software used for editing and manipulating digital images. The vulnerability occurs when processing images where the specified -extract dimensions are larger than the -size dimensions, causing the software to read memory beyond the allocated heap buffer. This out-of-bounds memory read happens in multiple raw image format handlers before versions 7.1.2-15 and 6.9.13-40, which contain patches for this issue.'}, {'type': 'paragraph', 'content': "Technically, the problem was due to loops iterating over pixel columns using the image's column count without ensuring it did not exceed the canvas image's column count. This led to out-of-bounds reads in coders handling raw pixel data formats like BGR, CMYK, GRAY, RAW, RGB, and YCbCr. The fix involved bounding these loops to the minimum of the image and canvas columns to prevent memory access beyond allocated buffers."}] [1, 2]

Impact Analysis

This vulnerability can lead to a heap buffer over-read, which means that ImageMagick may read memory beyond what was allocated for image data. While it does not affect integrity or availability, it has a high impact on confidentiality, potentially exposing sensitive information from memory.

Because the attack vector is local and requires high attack complexity, an attacker would need local access and specific conditions to exploit this vulnerability. However, no privileges or user interaction are required, so if exploited, it could leak confidential data from the system memory where ImageMagick is running.

Compliance Impact

I don't know

Detection Guidance

This vulnerability occurs when ImageMagick processes images with the -extract dimensions larger than the -size dimensions, causing out-of-bounds memory reads. Detection involves identifying usage of vulnerable ImageMagick versions and monitoring image processing commands that use these parameters.

To detect if your system is vulnerable, first check the installed ImageMagick version:

  • magick --version

If the version is prior to 7.1.2-15 or 6.9.13-40, it is vulnerable. You can also monitor or audit commands that process images with -extract and -size options where -extract dimensions exceed -size dimensions, for example:

  • magick input.raw -size WxH -extract WxH output.png

Look for scripts or automated processes invoking ImageMagick with these parameters. Network detection is limited since this is a local vulnerability triggered by crafted image files.

Mitigation Strategies

The primary mitigation step is to upgrade ImageMagick to a patched version that fixes this vulnerability.

  • Upgrade to ImageMagick version 7.1.2-15 or later, or 6.9.13-40 or later.

If upgrading immediately is not possible, avoid processing untrusted raw image files, especially those using the -extract option with dimensions larger than -size.

Additionally, review and restrict usage of ImageMagick commands that handle raw image formats (BGR, CMYK, GRAY, RAW, RGB, YCbCr) to trusted inputs only.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25576. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart