CVE-2026-25794
Received Received - Intake
Integer Overflow in ImageMagick WriteUHDRImage Causes Heap Buffer Overflow

Publication date: 2026-02-24

Last updated on: 2026-02-24

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25794
EUVD
EUVD-2026-7448
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
imagemagick imagemagick to 7.1.2-15 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-25794 is a high-severity vulnerability in ImageMagick versions prior to 7.1.2-15, specifically in the WriteUHDRImage function. The issue occurs because the software uses 32-bit signed integer arithmetic to calculate the size of the pixel buffer when processing large UHDR images. If the image dimensions are very large, the multiplication of width and height causes an integer overflow, resulting in an incorrectly small heap allocation.

This undersized allocation leads to out-of-bounds writes when the program attempts to write pixel data beyond the allocated buffer, causing heap memory corruption. This can crash the process or potentially allow further exploitation.

Impact Analysis

This vulnerability can cause the ImageMagick process to crash due to heap-buffer-overflow errors when handling large UHDR images. Because the heap memory is corrupted by out-of-bounds writes, it may also be exploited by attackers to execute arbitrary code or cause denial of service.

  • Crash of the ImageMagick process (denial of service).
  • Potential for remote code execution or other exploitation due to heap memory corruption.
Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for heap-buffer-overflow errors related to the WriteUHDRImage function in ImageMagick, especially when processing large UHDR images. AddressSanitizer reports showing heap-buffer-overflow errors during the write operation in WriteUHDRImage confirm the presence of this issue.

To detect exploitation attempts or crashes caused by this vulnerability, you can check logs for crashes or memory errors related to ImageMagick processes handling large UHDR images.

While no specific detection commands are provided, you can use tools like AddressSanitizer or run ImageMagick with debugging enabled to observe heap-buffer-overflow errors.

Mitigation Strategies

The immediate mitigation step is to upgrade ImageMagick to version 7.1.2-15 or later, where the vulnerability has been patched.

Until the upgrade can be applied, avoid processing large UHDR images that could trigger the integer overflow and heap-buffer-overflow conditions in the WriteUHDRImage function.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25794. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart