{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25794", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-05T19:58:01.640Z", "datePublished": "2026-02-24T00:53:23.396Z", "dateUpdated": "2026-02-24T00:53:23.396Z"}, "containers": {"cna": {"title": "ImageMagick has heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when writing UHDR images with large dimensions", "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "lang": "en", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h"}], "affected": [{"vendor": "ImageMagick", "product": "ImageMagick", "versions": [{"version": "< 7.1.2-15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-24T00:53:23.396Z"}, "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch."}], "source": {"advisory": "GHSA-vhqj-f5cj-9x8h", "discovery": "UNKNOWN"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "B89F5759-9F8D-4C89-8D35-0FCE2AE715A4", "versionEndExcluding": "7.1.2-15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch."}, {"lang": "es", "value": "ImageMagick es un software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. 'WriteUHDRImage' en 'coders/uhdr.c' utiliza aritm\u00e9tica de tipo 'int' para calcular el tama\u00f1o del b\u00fafer de p\u00edxeles. Antes de la versi\u00f3n 7.1.2-15, cuando las dimensiones de la imagen son grandes, la multiplicaci\u00f3n desborda el tipo 'int' de 32 bits, lo que provoca una asignaci\u00f3n de heap de tama\u00f1o insuficiente seguida de una escritura fuera de l\u00edmites. Esto puede bloquear el proceso o potencialmente conducir a una escritura de heap fuera de l\u00edmites. La versi\u00f3n 7.1.2-15 contiene un parche."}], "id": "CVE-2026-25794", "lastModified": "2026-02-24T17:28:54.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-24T01:16:13.970", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-190"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: ImageMagick: Denial of service and potential arbitrary code execution via integer overflow in image processing", "id": "2442110", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442110"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in ImageMagick. When processing images with large dimensions, the `WriteUHDRImage` function in `coders/uhdr.c` uses integer arithmetic that can overflow. This overflow leads to an undersized memory allocation, followed by an out-of-bounds write. A remote attacker could exploit this vulnerability by providing a specially crafted image, potentially causing a denial of service or, in some cases, arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, avoid processing untrusted or maliciously crafted UHDR image files with ImageMagick. Limiting the exposure of ImageMagick to untrusted input can reduce the risk of exploitation."}, "name": "CVE-2026-25794", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2026-02-24T00:53:23Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25794\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25794\nhttps://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h"], "statement": "This IMPORTANT heap-buffer-overflow vulnerability in ImageMagick's `WriteUHDRImage` function can lead to a denial of service or potentially arbitrary code execution when processing specially crafted UHDR images with excessively large dimensions. Red Hat Enterprise Linux 6 ELS and 7 ELS are affected by this flaw, which occurs due to a signed integer overflow during pixel buffer size calculation.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.1.2-15)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ImageMagick", "source": "cna", "vendor": "ImageMagick"}, "product": "imagemagick", "vendor": "imagemagick"}], "created": "2026-02-24T09:54:10.651224+00:00", "updated": "2026-02-24T09:54:10.651296+00:00", "vendors": ["imagemagick", "imagemagick$PRODUCT$imagemagick"]}