Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, PostScript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.
Security Fix(es):
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-24481)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-24484)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage() function becomes trapped in an infinite loop while searching for the Sync marker, causing the program to become unresponsive and continuously consume CPU resources, ultimately leading to system resource exhaustion and denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-24485)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handlers. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-25576)
ImageMagick is a widely used open-source software suite for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in the ASHLAR image writer. An attacker can exploit this vulnerability by providing a specially crafted image file, which causes small memory objects to be allocated but never freed. Continuous processing of such malicious images will gradually exhaust the process memory, ultimately leading to a Denial of Service (DoS) condition. This vulnerability is classified under CWE-401 (Improper Release of Memory Before Removing Last Reference).(CVE-2026-25637)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a memory leak vulnerability exists in coders/msl.c. The vulnerability stems from the WriteMSLImage function returning early without releasing allocated resources. A remote attacker could exploit this vulnerability by providing a specially crafted image file, leading to memory exhaustion and ultimately resulting in a Denial of Service (DoS) condition, rendering the system or application unavailable. This vulnerability is classified as CWE-401 (Memory Leak).(CVE-2026-25638)
ImageMagick is free and open-source software used for editing and manipulating digital images. The WriteUHDRImage function in coders/uhdr.c uses int arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows the 32-bit int, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out-of-bounds heap write, which could be exploited to cause a denial of service or, in some cases, arbitrary code execution.(CVE-2026-25794)
ImageMagick is a widely used free and open-source software for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference vulnerability exists in the ReadSFWImage() function located in coders/sfw.c. When temporary file creation fails, the read_info structure is destroyed before its filename member is accessed, causing the program to dereference a NULL pointer and crash. An attacker could exploit this issue to cause a Denial of Service (DoS).(CVE-2026-25795)
ImageMagick is a free and open-source software for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a memory leak vulnerability exists in the ReadSTEGANOImage() function within coders/stegano.c. On three error/early-return paths, the function fails to properly free the watermark Image object, resulting in a definite memory leak (approximately 13.5KB+ per invocation). An attacker can exploit this flaw by repeatedly triggering the leak, consuming excessive system memory and leading to a Denial of Service (DoS).(CVE-2026-25796)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fail to sanitize the input before writing it into the PostScript header. An attacker can provide a malicious file and inject arbitrary PostScript code. When the resulting file is processed by a printer or a viewer (like Ghostscript), the injected code is interpreted and executed, potentially leading to arbitrary code execution. Additionally, the html encoder does not properly escape strings that are written to the HTML document. An attacker can provide a malicious file and inject arbitrary HTML code.(CVE-2026-25797)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service.(CVE-2026-25798)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. An attacker can exploit this vulnerability by tricking a user into processing a specially crafted image file, causing the ImageMagick process to crash.(CVE-2026-25799)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoders do not validate the pixel index value returned by GetPixelIndex() before using it as an array subscript. In HDRI builds, Quantum is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash.(CVE-2026-25898)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick's path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal (e.g., using ../). The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied.(CVE-2026-25965)
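The ordering problem described for CVE-2026-25965, shown as an added example that is not ImageMagick's code or its patch: a deny pattern matched against the raw filename misses a traversal path, while the same pattern matched after normalization catches it. The names `normalize_path`, `denied_raw` and `denied_normalized` are hypothetical, POSIX `fnmatch` stands in for the policy matcher, and the sample path is constructed.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: lexically collapse "//", "." and ".." in an absolute
   path. Symlinks are NOT resolved; a production check would also need
   realpath() or a check on the opened descriptor. Returns 0, or -1 on error. */
static int normalize_path(const char *in, char *out, size_t outlen)
{
    size_t len = 0, n;
    if (in == NULL || in[0] != '/' || outlen < 2) return -1;
    out[len++] = '/';
    while (*in != '\0') {
        in += strspn(in, "/");              /* skip repeated separators */
        n = strcspn(in, "/");               /* length of next component */
        if (n == 2 && in[0] == '.' && in[1] == '.') {
            while (len > 1 && out[len - 1] != '/') len--;  /* drop component */
            if (len > 1) len--;                            /* and separator */
        } else if (n > 0 && !(n == 1 && in[0] == '.')) {
            if (len + n + 2 > outlen) return -1;           /* would not fit */
            if (len > 1) out[len++] = '/';
            memcpy(out + len, in, n);
            len += n;
        }
        in += n;
    }
    out[len] = '\0';
    return 0;
}

/* Flawed order: the deny pattern is matched against the raw string. */
static int denied_raw(const char *pattern, const char *path)
{
    return fnmatch(pattern, path, 0) == 0;
}

/* Corrected order: normalize first; fail closed if normalization fails. */
static int denied_normalized(const char *pattern, const char *path)
{
    char norm[4096];
    if (normalize_path(path, norm, sizeof norm) != 0) return 1;
    return fnmatch(pattern, norm, 0) == 0;
}

int main(void)
{
    const char *p = "/tmp/../etc/passwd";   /* constructed sample input */
    printf("raw=%d normalized=%d\n", denied_raw("/etc/*", p), denied_normalized("/etc/*", p));
    return 0;
}
```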
ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams (stdin/stdout). However, ImageMagick also supports fd:<n> pseudo-filenames (e.g., fd:0, fd:1). Prior to versions 7.1.2-15 and 6.9.13-40, this path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of "no stdin/stdout." An attacker can exploit this flaw by using fd: pseudo-filenames to circumvent the intended security restrictions, potentially leading to unauthorized access to standard input/output and subsequent information disclosure or data manipulation.(CVE-2026-25966)
ImageMagick is a free and open-source software suite for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow vulnerability exists in the FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to an application crash and resulting in a Denial of Service (DoS). The CWE identifier for this vulnerability is CWE-121 (Stack-based Buffer Overflow).(CVE-2026-25967)
ImageMagick is free and open-source software for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow vulnerability exists when processing an attribute in msl.c. A long attribute value overflows a fixed-size stack buffer, leading to memory corruption. A remote attacker could exploit this by providing a specially crafted image file with a long attribute value, potentially resulting in denial of service or arbitrary code execution.(CVE-2026-25968)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in coders/ashlar.c. The WriteASHLARImage function allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. A remote attacker could exploit this by providing a specially crafted image, leading to resource exhaustion and a denial of service (DoS), making the system or application unavailable to legitimate users.(CVE-2026-25969)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-25970)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-25971)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the coders/dcm.c module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-25982)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.(CVE-2026-25983)
A security vulnerability exists in ImageMagick's internal SVG decoder where memory allocation lacks proper limits. Attackers can exploit this vulnerability through specially crafted SVG files to cause memory exhaustion or denial of service.(CVE-2026-25985)
ImageMagick is a free and open-source software suite for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in the ReadYUVImage() function (located in coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer, resulting in an out-of-bounds write. This vulnerability can be exploited by a remote attacker by providing a specially crafted image file, potentially leading to a denial of service (DoS) and impacting the confidentiality, integrity, and availability of the system.(CVE-2026-25986)
ImageMagick is a widely used open-source image processing software. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in its MAP image decoder when processing crafted MAP files. A remote attacker could exploit this by providing a specially crafted MAP file, potentially leading to application crashes (denial of service) or unintended disclosure of sensitive information from process memory during image decoding.(CVE-2026-25987)
ImageMagick is a widely used open-source image processing software. A flaw exists in the MSL (Magick Scripting Language) parsing component (msl.c) in versions prior to 7.1.2-15 and 6.9.13-40. When processing certain images, this component fails to correctly update the internal stack index, causing image data to be stored in an incorrect stack slot. When an error occurs during processing, the memory allocated to this incorrect slot is not properly freed, resulting in a memory leak. An attacker could exploit this vulnerability by providing a specially crafted image file, leading to continuous memory consumption and potentially causing a Denial of Service (DoS) condition.(CVE-2026-25988)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an integer overflow or wraparound and incorrect conversion between numeric types vulnerability exists in its internal SVG decoder. Specifically, an off-by-one boundary check (using > instead of >=) allows bypassing the guard and reaching an undefined (size_t) cast. A remote attacker could exploit this vulnerability by providing a specially crafted SVG file, leading to a denial of service (DoS) condition, making the software unavailable to legitimate users.(CVE-2026-25989)
ImageMagick contains an infinite loop vulnerability when writing IPTCTEXT data from crafted profiles, which can be exploited by attackers to cause denial of service.(CVE-2026-26066)
A possible infinite loop vulnerability exists in the JPEG encoder of ImageMagick when using the jpeg:extent parameter, which could lead to denial of service.(CVE-2026-26283)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains a function that has an incorrect initialization that could cause an out-of-bounds read. This vulnerability could allow a remote attacker to cause information disclosure or a denial of service.(CVE-2026-26284)
ImageMagick contains a use-after-free vulnerability when processing invalid MSL <map> tags. An attacker can cause program crashes or potentially execute arbitrary code by crafting malicious image files.(CVE-2026-26983)
{
"severity": "High"
}
{
"aarch64": [
"ImageMagick-7.1.2.15-1.oe2203sp4.aarch64.rpm",
"ImageMagick-c++-7.1.2.15-1.oe2203sp4.aarch64.rpm",
"ImageMagick-c++-devel-7.1.2.15-1.oe2203sp4.aarch64.rpm",
"ImageMagick-debuginfo-7.1.2.15-1.oe2203sp4.aarch64.rpm",
"ImageMagick-debugsource-7.1.2.15-1.oe2203sp4.aarch64.rpm",
"ImageMagick-devel-7.1.2.15-1.oe2203sp4.aarch64.rpm",
"ImageMagick-perl-7.1.2.15-1.oe2203sp4.aarch64.rpm"
],
"src": [
"ImageMagick-7.1.2.15-1.oe2203sp4.src.rpm"
],
"noarch": [
"ImageMagick-help-7.1.2.15-1.oe2203sp4.noarch.rpm"
],
"x86_64": [
"ImageMagick-7.1.2.15-1.oe2203sp4.x86_64.rpm",
"ImageMagick-c++-7.1.2.15-1.oe2203sp4.x86_64.rpm",
"ImageMagick-c++-devel-7.1.2.15-1.oe2203sp4.x86_64.rpm",
"ImageMagick-debuginfo-7.1.2.15-1.oe2203sp4.x86_64.rpm",
"ImageMagick-debugsource-7.1.2.15-1.oe2203sp4.x86_64.rpm",
"ImageMagick-devel-7.1.2.15-1.oe2203sp4.x86_64.rpm",
"ImageMagick-perl-7.1.2.15-1.oe2203sp4.x86_64.rpm"
]
}