CVE-2026-25794

ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-24 01:16

Updated : 2026-02-24 17:28

NVD link : CVE-2026-25794

Mitre link : CVE-2026-25794

CVE.ORG link : CVE-2026-25794

JSON object : View

Products Affected

imagemagick

imagemagick

CWE

CWE-122

Heap-based Buffer Overflow

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2026-25794", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2026-02-24T01:16:13.970", "references": [{"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch."}, {"lang": "es", "value": "ImageMagick es un software libre y de c\u00f3digo abierto utilizado para editar y manipular im\u00e1genes digitales. 'WriteUHDRImage' en 'coders/uhdr.c' utiliza aritm\u00e9tica de tipo 'int' para calcular el tama\u00f1o del b\u00fafer de p\u00edxeles. Antes de la versi\u00f3n 7.1.2-15, cuando las dimensiones de la imagen son grandes, la multiplicaci\u00f3n desborda el tipo 'int' de 32 bits, lo que provoca una asignaci\u00f3n de heap de tama\u00f1o insuficiente seguida de una escritura fuera de l\u00edmites. Esto puede bloquear el proceso o potencialmente conducir a una escritura de heap fuera de l\u00edmites. La versi\u00f3n 7.1.2-15 contiene un parche."}], "lastModified": "2026-02-24T17:28:54.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B89F5759-9F8D-4C89-8D35-0FCE2AE715A4", "versionEndExcluding": "7.1.2-15"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}