CVE-2026-25987
Heap Buffer Over-read in ImageMagick MAP Decoder Causes Crashes

Publication date: 2026-02-24

Last updated on: 2026-02-25

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Meta Information
Published: 2026-02-24
Last Modified: 2026-02-25
Generated: 2026-06-16
AI Q&A: 2026-02-24
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor        Product       Version / Range
imagemagick   imagemagick   up to 6.9.13-40 (excluded)
imagemagick   imagemagick   from 7.0.0-0 (included) up to 7.1.2-15 (excluded)
CWE
CWE-125: The product reads data past the end, or before the beginning, of the intended buffer.
AI Quick Actions
Mitigation Strategies

The primary mitigation step is to upgrade ImageMagick to version 7.1.2-15 or later, or 6.9.13-40 or later, where this vulnerability has been patched.

Until the upgrade is applied, avoid processing untrusted or specially crafted MAP image files with vulnerable versions of ImageMagick.
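To check an installed build against the two affected ranges listed above, here is an added Python example (it is not part of the advisory or of ImageMagick itself); it assumes the version banner format `ImageMagick <major>.<minor>.<patch>-<release>` as printed by `magick -version` or `convert -version`, and the sample banner below is constructed.

```python
import re

# Affected ranges from this CVE's CPE data:
#   6.x line: every version below 6.9.13-40
#   7.x line: 7.0.0-0 (inclusive) up to 7.1.2-15 (exclusive)
FIXED_6 = (6, 9, 13, 40)
FIXED_7 = (7, 1, 2, 15)

# ImageMagick versions look like 7.1.2-15: dotted triple plus a dash-separated release number.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(text):
    """Return (major, minor, patch, release) from a bare version string or a
    `magick -version` banner such as 'Version: ImageMagick 7.1.1-47 Q16-HDRI ...'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no ImageMagick version found in: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True if the version tuple falls inside either affected range.
    Tuple comparison handles the release number correctly (6.9.13-40 > 6.9.13-9)."""
    if version[0] < 7:
        return version < FIXED_6      # no lower bound given for the 6.x line
    if version[0] == 7:
        return version < FIXED_7      # 7.0.0-0 <= v < 7.1.2-15
    return False                      # nothing above the 7.x line is listed


def check_banner(banner):
    """Classify a -version banner; returns the parsed version and the verdict."""
    v = parse_version(banner)
    return {"version": "%d.%d.%d-%d" % v, "vulnerable": is_vulnerable(v)}


if __name__ == "__main__":
    # Constructed sample banner, assumed to follow the real tool's first line.
    sample = "Version: ImageMagick 7.1.1-47 Q16-HDRI x86_64 https://imagemagick.org"
    print(check_banner(sample))   # {'version': '7.1.1-47', 'vulnerable': True}
```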

Executive Summary

CVE-2026-25987 is a moderate severity vulnerability in ImageMagick's MAP image decoder. It is a heap buffer over-read issue that occurs when processing specially crafted MAP files. This means the decoder reads beyond the allocated memory buffer, which can cause the application to crash or unintentionally disclose parts of memory during image decoding. [1]

Impact Analysis

The vulnerability can lead to application crashes or unintended disclosure of memory contents when processing malicious MAP image files. This could potentially expose sensitive information stored in memory, although the impact is limited to confidentiality loss without affecting data integrity or system availability.

Detection Guidance

This vulnerability occurs when ImageMagick processes specially crafted MAP files, causing heap buffer over-reads that may lead to crashes or memory disclosure.

To detect exploitation attempts on your system or network, monitor for crashes or abnormal behavior in ImageMagick processes, especially when handling MAP image files.

You can also scan files for suspicious or malformed MAP images before processing.

Specific commands to detect this vulnerability are not provided in the available resources.
