CVE-2026-25989
Status: Received - Intake
Off-by-One Vulnerability in ImageMagick SVG Causes DoS

Publication date: 2026-02-24

Last updated on: 2026-02-24

Assigner: GitHub, Inc.

Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) allows bypassing the guard and reaching an undefined `(size_t)` cast. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Meta Information
Published: 2026-02-24
Last Modified: 2026-02-24
Generated: 2026-05-07
AI Q&A: 2026-02-24
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
imagemagick | imagemagick | up to 6.9.13-40 (excluding)
imagemagick | imagemagick | from 7.0.0-0 (including) to 7.1.2-15 (excluding)
CWE ID | Description
CWE-193 | A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
CWE-681 | When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-25989 is a high-severity vulnerability in ImageMagick, software used for editing and manipulating digital images. The issue arises from an off-by-one boundary check error in the internal SVG decoder, where a `>` comparison is used instead of `>=`. This mistake allows bypassing a guard condition and leads to an undefined cast to size_t. Specifically, a crafted SVG file can exploit this flaw to cause a denial of service.

The vulnerability involves integer overflow or wraparound (CWE-190) and incorrect conversion between numeric types (CWE-681), which cause unexpected and dangerous behavior. It can be exploited remotely without any privileges or user interaction. [1]
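An added illustration of the `>` versus `>=` guard described above (example code written for this page, not ImageMagick's source): a numeric attribute is parsed as a double and range-checked before being cast to size_t. The limit computation and the `parse_dimension` helper are constructed here; the point it shows is that on 64-bit targets `(double) SIZE_MAX` rounds up to 2^64, so a `>` comparison against it accepts exactly the first value the cast cannot represent, while `>=` rejects it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* First double that does NOT fit in size_t: 2^(bit width of size_t),
 * i.e. 2^64 on 64-bit targets. SIZE_MAX / 2 + 1 is 2^63 and exactly
 * representable, so this is computed exactly without <math.h>.
 * Note: (double) SIZE_MAX itself rounds up to this same value on 64-bit
 * targets, which is why a "> (double) SIZE_MAX" check is off by one. */
double size_t_limit(void)
{
    return (double) (SIZE_MAX / 2 + 1) * 2.0;
}

/* Buggy guard (the pattern in the advisory): only values strictly greater
 * than the limit are rejected, so the limit itself slips through and a
 * later (size_t) cast of an out-of-range double is undefined behaviour
 * (C11 6.3.1.4p1). Returns 1 if the value is accepted. NaN compares false
 * against everything, so it is rejected explicitly via v != v. */
int dimension_guard_buggy(double v)
{
    return !(v < 0.0 || v > size_t_limit() || v != v);
}

/* Fixed guard: >= also rejects the first unrepresentable value. */
int dimension_guard_fixed(double v)
{
    return !(v < 0.0 || v >= size_t_limit() || v != v);
}

/* Parse a plain numeric attribute (as a decoder would read an SVG
 * width/height) and convert it to size_t only after the fixed guard
 * passes. Returns 0 on success, -1 if the text is not a number or the
 * value is negative, NaN or out of range. Constructed helper. */
int parse_dimension(const char *text, size_t *out)
{
    char *end = NULL;
    double v = strtod(text, &end);
    if (end == text || *end != '\0')
        return -1;                 /* not a plain number */
    if (!dimension_guard_fixed(v))
        return -1;                 /* out of range, NaN or negative */
    *out = (size_t) v;             /* now defined: 0 <= v < 2^bits */
    return 0;
}
```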


How can this vulnerability impact me?

This vulnerability can cause a denial of service (DoS) in ImageMagick when processing a specially crafted SVG file. An attacker can exploit this remotely without any privileges or user interaction, potentially causing the software or system using ImageMagick to crash or become unavailable.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by identifying if your system is running a vulnerable version of ImageMagick prior to 7.1.2-15 or 6.9.13-40.

You can check the installed ImageMagick version using the following command:

  • magick -version

If a 7.x installation is older than 7.1.2-15, or a 6.x installation is older than 6.9.13-40, your system is vulnerable.

Additionally, monitoring network traffic for suspicious SVG files being processed by ImageMagick could help detect exploitation attempts, but no specific detection commands are provided.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update ImageMagick to a patched version.

  • Upgrade ImageMagick to version 7.1.2-15 or later, or 6.9.13-40 or later.

This update contains the fix for the off-by-one boundary check vulnerability that can cause denial of service.

Until the update can be applied, consider restricting or monitoring the processing of untrusted SVG files to reduce the risk of exploitation.

