Imagemagick CVE-2026-25967
HIGH
GHSA-72hf-fj62-w6j4
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
3DescriptionNVD
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.
AnalysisAI
Stack-based buffer overflow in ImageMagick versions before 7.1.2-15 allows remote attackers to crash the application and potentially corrupt memory by submitting specially crafted FTXT image files. The vulnerability requires high complexity to exploit but impacts both confidentiality and availability of affected systems. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all systems and applications using ImageMagick and document their versions; restrict access to image processing functions to trusted sources only. Within 7 days: Implement input validation and sandboxing for image file processing; deploy network segmentation to isolate affected systems; monitor logs for suspicious activity. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today