Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service when processing a maliciously crafted SIXEL image file. The vulnerability occurs during buffer reallocation operations where pointer arithmetic using signed 32-bit integers overflows. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Published: 2026-02-24
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

ImageMagick’s SIXEL decoder contains a signed integer overflow in its buffer reallocation logic, which corrupts memory and causes the decoder to crash when processing a malicious image. The weakness is identified as an integer overflow (CWE‑190). The effect is a denial of service because the crash terminates the image processing routine and may destabilize the application that called it. The likely attack vector, inferred from the description because the overflow is triggered during decoding, is delivering a crafted SIXEL image file to a program that uses ImageMagick.
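The description identifies the bug class precisely: a byte offset computed with signed 32-bit arithmetic wraps during buffer reallocation, so a later write lands outside the allocation. The following is an added, constructed illustration of that class and of the defensive pattern that closes it. It is not ImageMagick's code; every name (`wrapping_offset_i32`, `pixel_buffer`, `grow_pixel_buffer`, `put_pixel`) is hypothetical, and it assumes one byte per pixel.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the CWE-190 pattern described in the
   advisory text; not ImageMagick's code, all names are hypothetical. */

/* Vulnerable shape: the write offset is held in a signed 32-bit int.
   The wrap is simulated with unsigned arithmetic so this demo itself
   has no undefined behaviour; a real decoder doing this in int would. */
static int32_t wrapping_offset_i32(int32_t pos_x, int32_t pos_y, int32_t width)
{
    uint32_t u = (uint32_t)pos_y * (uint32_t)width + (uint32_t)pos_x;
    return (int32_t)u;   /* for large geometries this comes back negative */
}

/* Hardened shape: sizes live in size_t and every product/sum is checked
   before it is used for allocation or indexing. */
typedef struct {
    unsigned char *data;
    size_t capacity;     /* bytes; one byte per pixel assumed */
} pixel_buffer;

/* Returns 0 on success, -1 if the geometry cannot be represented or the
   reallocation failed. Newly added bytes are zeroed. */
int grow_pixel_buffer(pixel_buffer *buf, size_t width, size_t height)
{
    if (width == 0 || height == 0) return -1;
    if (width > SIZE_MAX / height) return -1;        /* width*height overflows */
    size_t needed = width * height;
    if (needed <= buf->capacity) return 0;
    unsigned char *p = realloc(buf->data, needed);
    if (p == NULL) return -1;
    memset(p + buf->capacity, 0, needed - buf->capacity);
    buf->data = p;
    buf->capacity = needed;
    return 0;
}

/* Bounds-checked pixel store. Returns -1 when (x, y) is outside the row
   width, when y*width+x cannot be represented, or when the offset lies
   past the current allocation. */
int put_pixel(pixel_buffer *buf, size_t width, size_t x, size_t y, unsigned char v)
{
    if (width == 0 || x >= width) return -1;
    if (y > (SIZE_MAX - x) / width) return -1;        /* y*width + x overflows */
    size_t off = y * width + x;
    if (off >= buf->capacity) return -1;
    buf->data[off] = v;
    return 0;
}

/* Exercises the hardened path; returns 0 when every check behaves as
   intended, otherwise a small code identifying the first failed step. */
int demo_roundtrip(void)
{
    pixel_buffer b = { NULL, 0 };
    int rc = 0;
    if (grow_pixel_buffer(&b, 4, 4) != 0 || b.capacity != 16)            rc = 1;
    else if (put_pixel(&b, 4, 3, 3, 7) != 0 || b.data[15] != 7)          rc = 2;
    else if (put_pixel(&b, 4, 4, 0, 1) != -1)                            rc = 3; /* x beyond row */
    else if (put_pixel(&b, 4, 0, 4, 1) != -1)                            rc = 4; /* y beyond buffer */
    else if (grow_pixel_buffer(&b, SIZE_MAX, 2) != -1)                   rc = 5; /* geometry overflows */
    else if (grow_pixel_buffer(&b, 8, 8) != 0 || b.capacity != 64 || b.data[15] != 7) rc = 6;
    free(b.data);
    return rc;
}

int main(void)
{
    printf("signed 32-bit offset for x=0, y=65536, width=32768: %d\n",
           wrapping_offset_i32(0, 65536, 32768));
    printf("hardened round trip: %s\n", demo_roundtrip() == 0 ? "ok" : "FAILED");
    return 0;
}
```

The geometry in `main` (65536 rows of 32768 bytes) multiplies to exactly 2^31, which a signed 32-bit offset cannot hold; the hardened functions refuse the same geometry up front instead of handing a wrapped value to `realloc` or to an indexed store.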

Affected Systems

All releases of ImageMagick older than 7.1.2‑15 in the 7.x line and older than 6.9.13‑40 in the 6.x line are affected. Users running these versions should be aware that the vulnerable SIXEL decoder is present and could be executed when processing image files.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% shows a very low but nonzero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires delivering a crafted image file; a local user with write access to a location that an application later reads could trigger the crash, and a remote attacker could target services that accept user‑supplied images if those services load them with ImageMagick. These exploitation possibilities are inferred from the description's statement that the overflow occurs during image decoding. The impact remains limited to denial of service, with no indication of additional confidentiality or integrity compromise.

Generated by OpenCVE AI on April 18, 2026 at 17:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update ImageMagick to version 7.1.2‑15 or newer for the 7.x line, or to 6.9.13‑40 or newer for the 6.x line to apply the official patch.
  • If an update cannot be applied immediately, disable the SIXEL decoder feature in ImageMagick, for example by compiling without SIXEL support or removing the Sixel module, thereby eliminating the execution path that triggers the overflow.
  • Sanitize and validate all image files before processing with ImageMagick; reject or quarantine files that contain suspicious or unusually large content to reduce the risk of malicious input reaching the decoder.

Advisories

Source        ID                    Title
Debian DLA    DLA-4497-1            imagemagick security update
Debian DSA    DSA-6158-1            imagemagick security update
Debian DSA    DSA-6159-1            imagemagick security update
Github GHSA   GHSA-xg29-8ghv-v4xr   ImageMagick Has Signed Integer Overflow in SIXEL Decoder, Leading to Memory Corruption
History

Wed, 25 Feb 2026 12:00:00 +0000

Type    Values Removed    Values Added
CPEs    -                 cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*

Tue, 24 Feb 2026 12:15:00 +0000

Type          Values Removed           Values Added
References    -                        -
Metrics       threat_severity: None    threat_severity: Moderate

Tue, 24 Feb 2026 10:00:00 +0000

Type                  Values Removed    Values Added
First Time appeared   -                 Imagemagick; Imagemagick imagemagick
Vendors & Products    -                 Imagemagick; Imagemagick imagemagick

Tue, 24 Feb 2026 02:00:00 +0000

Type          Values Removed    Values Added
Description   -                 (text identical to the Description section above)
Title         -                 ImageMagick SIXEL Decoder Has Signed Integer Overflow, Leading to Memory Corruption
Weaknesses    -                 CWE-190
References    -                 -
Metrics       -                 cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T21:33:39.346Z

Reserved: 2026-02-09T17:13:54.067Z

Link: CVE-2026-25970

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-02-24T02:16:01.963

Modified: 2026-02-25T11:57:18.567

Link: CVE-2026-25970

Redhat

Severity: Moderate

Public Date: 2026-02-24T01:35:36Z

Links: CVE-2026-25970 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T18:00:06Z

Weaknesses