CVE-2026-25798
Received Received - Intake

NULL Pointer Dereference in ImageMagick Causes Remote DoS

Vulnerability report for CVE-2026-25798, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-24

Last updated on: 2026-02-24

Assigner: GitHub, Inc.

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-24
Last Modified
2026-02-24
Generated
2026-07-06
AI Q&A
2026-02-24
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
imagemagick imagemagick to 6.9.13-40 (exc)
imagemagick imagemagick From 7.0.0-0 (inc) to 7.1.2-15 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-25798 is a moderate severity vulnerability in ImageMagick, a software used for editing and manipulating digital images. The vulnerability is a NULL pointer dereference in the function ClonePixelCacheRepository, which can be triggered by processing a specially crafted image file.

This flaw allows a remote attacker to crash any application linked against ImageMagick without requiring any privileges or user interaction, resulting in a denial of service.

The issue occurs in the MagickCore/cache.c source file, specifically around line 753 in ClonePixelCacheRepository, and is related to other functions like OpenPixelCache, GetImagePixelCache, SyncImagePixelCache, and SetImageExtent.

Impact Analysis

This vulnerability can impact you by allowing a remote attacker to cause a denial of service (DoS) on any application that uses ImageMagick by supplying a crafted image file.

The attacker does not need any privileges or user interaction to exploit this flaw, making it easier to trigger a crash and disrupt availability of the affected application.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by testing whether applications linked against vulnerable versions of ImageMagick crash when processing specially crafted image files that trigger a NULL pointer dereference in the ClonePixelCacheRepository function.'}, {'type': 'paragraph', 'content': 'One practical approach is to use a crafted image file known to exploit this flaw and observe if the application crashes or generates an AddressSanitizer report indicating a NULL pointer dereference.'}, {'type': 'paragraph', 'content': "Specific commands are not provided in the available resources, but generally, you can test ImageMagick command-line tools (like 'magick' or 'convert') by attempting to process the crafted image file and monitoring for crashes or error messages."}] [1]

Mitigation Strategies

The immediate mitigation step is to upgrade ImageMagick to a patched version, specifically version 7.1.2-15 or later, or 6.9.13-40 or later, where this NULL pointer dereference vulnerability has been fixed.

Until the upgrade can be applied, avoid processing untrusted or specially crafted image files that could trigger the vulnerability and cause denial of service.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25798. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart