Imagemagick CVE-2026-25968
HIGH
GHSA-3mwp-xqp2-q6ph
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
3DescriptionNVD
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute in msl.c. A long value overflows a fixed-size stack buffer, leading to memory corruption. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
AnalysisAI
High severity vulnerability in ImageMagick. A stack buffer overflow occurs when processing the an attribute in msl.c. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all systems and applications using ImageMagick; disable MSL (Magick Scripting Language) processing if not required. Within 7 days: Implement input validation and file type restrictions; isolate ImageMagick services using network segmentation or containers; consider deploying WAF rules to block suspicious MSL attributes. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today