CVE-2026-25794
Integer Overflow in ImageMagick WriteUHDRImage Causes Heap Buffer Overflow
Publication date: 2026-02-24
Last updated on: 2026-02-24
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | to 7.1.2-15 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25794 is a high-severity vulnerability in ImageMagick versions prior to 7.1.2-15, specifically in the WriteUHDRImage function. The issue occurs because the software uses 32-bit signed integer arithmetic to calculate the size of the pixel buffer when processing large UHDR images. If the image dimensions are very large, the multiplication of width and height causes an integer overflow, resulting in an incorrectly small heap allocation.
This undersized allocation leads to out-of-bounds writes when the program attempts to write pixel data beyond the allocated buffer, causing heap memory corruption. This can crash the process or potentially allow further exploitation.
How can this vulnerability impact me? :
This vulnerability can cause the ImageMagick process to crash due to heap-buffer-overflow errors when handling large UHDR images. Because the heap memory is corrupted by out-of-bounds writes, it may also be exploited by attackers to execute arbitrary code or cause denial of service.
- Crash of the ImageMagick process (denial of service).
- Potential for remote code execution or other exploitation due to heap memory corruption.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for heap-buffer-overflow errors related to the WriteUHDRImage function in ImageMagick, especially when processing large UHDR images. AddressSanitizer reports showing heap-buffer-overflow errors during the write operation in WriteUHDRImage confirm the presence of this issue.
To detect exploitation attempts or crashes caused by this vulnerability, you can check logs for crashes or memory errors related to ImageMagick processes handling large UHDR images.
While no specific detection commands are provided, you can use tools like AddressSanitizer or run ImageMagick with debugging enabled to observe heap-buffer-overflow errors.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade ImageMagick to version 7.1.2-15 or later, where the vulnerability has been patched.
Until the upgrade can be applied, avoid processing large UHDR images that could trigger the integer overflow and heap-buffer-overflow conditions in the WriteUHDRImage function.