Description
ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.
Published: 2026-02-24
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Out of bounds heap write potentially leading to crash
Action: Immediate Patch
AI Analysis

Impact

WriteUHDRImage in ImageMagick computes the pixel buffer size using 32‑bit signed arithmetic. When a UHDR image with large dimensions is processed, the multiplication overflows, causing a buffer that is too small to be allocated. The resulting out‑of‑bounds write can corrupt heap memory, crash the image processing process. This flaw is identified as a heap buffer overflow and an integer overflow (CWE‑122 and CWE‑190).

Affected Systems

ImageMagick software, all releases prior to version 7.1.2‑15. Versions 7.1.2‑15 and later contain the patch that prevents the signed integer overflow and protects buffer allocation.

Risk and Exploitability

The vulnerability scores a 8.2 on CVSS, indicating high severity, but the EPSS score is reported as less than 1%, showing a very low likelihood of opportunistic exploitation. The flaw is not listed in the CISA KEV catalog. Based on the description, it is inferred that attackers would need to supply a malicious UHDR image with sufficiently large dimensions to trigger the overflow; therefore the likely attack vector is a local or privileged process that processes crafted images.

Generated by OpenCVE AI on April 18, 2026 at 17:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update ImageMagick to version 7.1.2‑15 or later to apply the vendor patch.
  • If updating is infeasible, limit UHDR image processing to trusted inputs and verify that image dimensions are within safe bounds before invoking WriteUHDRImage.
  • For systems that cannot immediately upgrade or restrict input, apply a runtime monitor or sandbox to contain potential heap corruption from untrusted images.

Generated by OpenCVE AI on April 18, 2026 at 17:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6158-1 imagemagick security update
Github GHSA Github GHSA GHSA-vhqj-f5cj-9x8h ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions
History

Thu, 26 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Feb 2026 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Tue, 24 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Tue, 24 Feb 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Imagemagick
Imagemagick imagemagick
Vendors & Products Imagemagick
Imagemagick imagemagick

Tue, 24 Feb 2026 01:15:00 +0000

Type Values Removed Values Added
Description ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.
Title ImageMagick has heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when writing UHDR images with large dimensions
Weaknesses CWE-122
CWE-190
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H'}

Subscriptions

Imagemagick Imagemagick
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T15:05:26.408Z

Reserved: 2026-02-05T19:58:01.640Z

Link: CVE-2026-25794

cve-icon Vulnrichment

Updated: 2026-02-26T15:05:21.115Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-24T01:16:13.970

Modified: 2026-02-24T17:28:54.433

Link: CVE-2026-25794

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-24T00:53:23Z

Links: CVE-2026-25794 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:00:06Z

Weaknesses