CVE-2026-25985
Out-of-Memory Vulnerability in ImageMagick via Malicious SVG
Publication date: 2026-02-24
Last updated on: 2026-02-25
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagemagick | imagemagick | to 6.9.13-40 (exc) |
| imagemagick | imagemagick | From 7.0.0-0 (inc) to 7.1.2-15 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-25985 is a high-severity vulnerability in ImageMagick's internal SVG decoder that affects versions prior to 7.1.2-15 and 6.9.13-40."}, {'type': 'paragraph', 'content': 'The vulnerability occurs because ImageMagick improperly handles memory allocation when processing specially crafted SVG files containing malicious elements.'}, {'type': 'paragraph', 'content': 'Specifically, an attacker can cause ImageMagick to attempt to allocate approximately 674 GB of memory without any limits, which leads to an out-of-memory abort.'}, {'type': 'paragraph', 'content': 'This results in denial of service by crashing the application or system.'}, {'type': 'paragraph', 'content': 'The issue is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) and CWE-789 (Memory Allocation with Excessive Size Value).'}] [1]
How can this vulnerability impact me? :
This vulnerability can cause a denial of service by exhausting system memory when ImageMagick processes a malicious SVG file.
An attacker can remotely exploit this issue without any privileges or user interaction.
The excessive memory allocation attempt (around 674 GB) can crash the ImageMagick application or potentially the entire system, leading to service outages or disruptions.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or out-of-memory aborts in ImageMagick when processing SVG files, especially those that are crafted or suspicious.
Since the vulnerability arises from processing malicious SVG files, one detection approach is to identify usage of vulnerable ImageMagick versions (prior to 7.1.2-15 and 6.9.13-40) and monitor logs or application crashes related to SVG file handling.
No specific detection commands are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade ImageMagick to the patched versions 7.1.2-15 or 6.9.13-40, which contain fixes for this vulnerability.
Until the upgrade can be applied, avoid processing untrusted or suspicious SVG files with vulnerable versions of ImageMagick to prevent denial of service due to excessive memory allocation.