CVE-2026-25576
📋 TL;DR
ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a heap buffer over-read vulnerability when processing raw image formats. Attackers can trigger out-of-bounds memory reads by providing images with -extract dimensions larger than -size dimensions. This affects any system using vulnerable ImageMagick versions to process untrusted images.
💻 Affected Systems
- ImageMagick
- Magick.NET
- Any software using vulnerable ImageMagick libraries
📦 What is this software?
Imagemagick by Imagemagick
Magick.net by Dlemstra
⚠️ Risk & Real-World Impact
Worst Case
Information disclosure through out-of-bounds memory reads, denial of service via application crashes, or remote code execution if combined with other vulnerabilities.
Likely Case
Application crashes leading to denial of service, potential information disclosure from memory reads.
If Mitigated
Limited impact with proper input validation and sandboxing, though memory corruption risks remain.
🎯 Exploit Status
Requires crafting specific image files with dimension parameters, but no authentication needed if image processing is exposed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ImageMagick 7.1.2-15 and 6.9.13-40, Magick.NET 14.10.3
Vendor Advisory: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j
Restart Required: Yes
Instructions:
1. Update ImageMagick to version 7.1.2-15 or 6.9.13-40.
2. For Magick.NET, update to version 14.10.3.
3. Restart any services using ImageMagick libraries.
🔧 Temporary Workarounds
Disable raw image format processing
- Remove or disable raw image format handlers in ImageMagick policy.xml
- Edit /etc/ImageMagick-6/policy.xml or /etc/ImageMagick-7/policy.xml
- Add: <policy domain="coder" rights="none" pattern="DNG" />
- Add similar lines for other raw formats like CR2, NEF, ARW
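The policy.xml edit above can be scripted so it is idempotent and survives the file's DOCTYPE and comments. The script below is an added example, not ImageMagick tooling; it assumes the coder names DNG, CR2, NEF and ARW from the workaround (extend RAW_CODERS for others) and uses a constructed sample policy in which DNG is already denied.

```python
import xml.etree.ElementTree as ET

# Raw coders named in the workaround above; extend for other raw formats.
RAW_CODERS = ("DNG", "CR2", "NEF", "ARW")

# Constructed sample policy.xml: DNG is already denied, the other raw coders are not.
SAMPLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policymap [<!ELEMENT policymap (policy)*>]>
<policymap>
  <!-- constructed sample for the example -->
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="DNG" />
</policymap>
"""


def denied_coders(policy_xml: str) -> set[str]:
    """Return the coder patterns that already carry rights="none"."""
    root = ET.fromstring(policy_xml)  # also proves the file is well-formed
    return {
        p.get("pattern", "").upper()
        for p in root.iter("policy")
        if p.get("domain") == "coder" and p.get("rights") == "none"
    }


def harden_policy(policy_xml: str, coders=RAW_CODERS) -> tuple[str, list[str]]:
    """Add a deny line for every coder in `coders` that is not denied yet.

    The lines are spliced in as text just before </policymap>, so the
    DOCTYPE, comments and formatting of the original file are preserved
    (re-serialising with ElementTree would drop the DOCTYPE and comments).
    Returns (new_document, coders_added).
    """
    already = denied_coders(policy_xml)
    missing = [c for c in coders if c.upper() not in already]
    if not missing:
        return policy_xml, []
    idx = policy_xml.rfind("</policymap>")
    if idx < 0:
        raise ValueError("policy.xml has no </policymap> closing tag")
    new_lines = "".join(
        f'  <policy domain="coder" rights="none" pattern="{c}" />\n' for c in missing
    )
    patched = policy_xml[:idx] + new_lines + policy_xml[idx:]
    # Re-parse: the result must be well-formed and deny everything requested.
    if not {c.upper() for c in coders} <= denied_coders(patched):
        raise RuntimeError("policy update did not take effect")
    return patched, missing


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE_POLICY
    patched, added = harden_policy(text)
    print(f"added deny policies for: {added or 'nothing (all present)'}")
    print(patched)
```

Run it with the path of the policy.xml to print the patched file; writing it back and restarting the services that load ImageMagick is left to your deployment process. Re-running on an already patched file adds nothing, which makes it safe to keep in configuration management.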
Input validation for image dimensions
- Validate image dimensions before processing with ImageMagick
- Implement pre-processing checks in your application
- Verify extract dimensions do not exceed size dimensions
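A pre-processing check of the kind described above, as an added example rather than code from ImageMagick or this advisory. It parses ImageMagick's WxH and WxH+X+Y geometry forms and refuses to build a command line when the -extract region does not fit inside the -size canvas; checking offsets as well as bare dimensions is a generalization of the advisory's "extract larger than size" trigger. The argv layout (`magick -size ... -extract ... gray:input.raw out.png`) is an assumed raw-conversion invocation.

```python
import re
from dataclasses import dataclass

# ImageMagick geometry forms accepted here: WxH and WxH+X+Y (offsets may be
# signed). Anything else is rejected rather than guessed at.
_GEOMETRY = re.compile(r"^(\d+)x(\d+)(?:([+-]\d+)([+-]\d+))?$")


@dataclass(frozen=True)
class Geometry:
    width: int
    height: int
    x: int = 0
    y: int = 0


def parse_geometry(text: str) -> Geometry:
    m = _GEOMETRY.match(text.strip())
    if not m:
        raise ValueError(f"unsupported geometry: {text!r}")
    w, h, x, y = m.groups()
    geom = Geometry(int(w), int(h), int(x or 0), int(y or 0))
    if geom.width == 0 or geom.height == 0:
        raise ValueError(f"zero-sized geometry: {text!r}")
    return geom


def extract_fits(size: str, extract: str) -> bool:
    """True only if the -extract region lies entirely inside the -size canvas.

    The advisory's trigger is extract dimensions larger than size; offsets are
    checked too, since a region shifted past the edge reads beyond the buffer
    just as a plainly oversized one does.
    """
    s, e = parse_geometry(size), parse_geometry(extract)
    if e.x < 0 or e.y < 0:
        return False
    return e.x + e.width <= s.width and e.y + e.height <= s.height


def raw_convert_args(size: str, extract: str, src: str, dst: str) -> list[str]:
    """Build argv for converting a headerless raw input, refusing unsafe regions.

    Raises ValueError before ImageMagick is ever invoked when the region does
    not fit; callers should treat that as a rejected request, not retry.
    """
    if not extract_fits(size, extract):
        raise ValueError(f"-extract {extract} does not fit inside -size {size}")
    return ["magick", "-size", size, "-extract", extract, src, dst]


if __name__ == "__main__":
    # Constructed request values: the second one has the advisory's trigger shape.
    for size, extract in (("640x480", "320x240+0+0"), ("640x480", "1024x768+0+0")):
        try:
            print(" ".join(raw_convert_args(size, extract, "gray:input.raw", "out.png")))
        except ValueError as err:
            print("rejected:", err)
```

Because the check runs on the request parameters before any subprocess is started, a rejected request never reaches the vulnerable coder; the same function can sit in front of a library binding (Magick.NET, Wand) that exposes size and extract as separate arguments.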
🧯 If You Can't Patch
- Implement strict input validation for all image processing parameters
- Sandbox ImageMagick processes with minimal privileges and resource limits
🔍 How to Verify
Check if Vulnerable:
Check ImageMagick version with: convert --version | grep Version
Check Version:
convert --version | grep Version
Verify Fix Applied:
Verify the reported version is 7.1.2-15 or higher on the 7.x branch, or 6.9.13-40 or higher on the 6.x branch
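Comparing the version string by eye is error-prone because the release suffix after the dash is numeric (6.9.13-9 is older than 6.9.13-40) and because each branch has its own fixed release (7.0.x is newer than 6.9.13-40 but still before 7.1.2-15). The checker below is an added example, not ImageMagick tooling; it uses the fixed versions from this advisory, prefers the `magick` binary that ImageMagick 7 ships and falls back to `convert`, and the version banners it tests against are constructed.

```python
import re
import shutil
import subprocess
from typing import Optional

# First fixed release per branch, from the advisory.
FIXED = {7: (7, 1, 2, 15), 6: (6, 9, 13, 40)}

# Matches "ImageMagick 7.1.1-26" style tokens in the --version banner.
_VERSION_RE = re.compile(r"ImageMagick\s+(\d+)\.(\d+)\.(\d+)-(\d+)")

# Constructed banners in the shape `convert --version` prints (not real output).
SAMPLE_BANNER_OLD7 = "Version: ImageMagick 7.1.1-26 Q16-HDRI x86_64 constructed-sample\n"
SAMPLE_BANNER_FIXED6 = "Version: ImageMagick 6.9.13-40 Q16 x86_64 constructed-sample\n"


def parse_version(banner: str) -> tuple:
    """Extract (major, minor, patch, release) from the Version: line."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError("no ImageMagick version found in output")
    return tuple(int(g) for g in m.groups())


def is_fixed(version: tuple) -> Optional[bool]:
    """True at or past the fixed release for the version's branch, False if
    earlier, None if the major version is not one this advisory covers.

    Comparison is per branch: 7.0.x is newer than 6.9.13-40 as a tuple but is
    still before 7.1.2-15, so a single global threshold would misclassify it.
    Tuple comparison also handles 6.9.13-9 < 6.9.13-40 correctly, which a plain
    string comparison would not.
    """
    fixed = FIXED.get(version[0])
    if fixed is None:
        return None
    return version >= fixed


def status_line(banner: str) -> str:
    v = parse_version(banner)
    label = "%d.%d.%d-%d" % v
    verdict = is_fixed(v)
    if verdict is None:
        return f"{label}: branch not covered by this advisory, check vendor notes"
    return f"{label}: {'fixed' if verdict else 'VULNERABLE, update required'}"


def installed_status() -> str:
    """Query the local install (magick on ImageMagick 7, convert on 6)."""
    binary = shutil.which("magick") or shutil.which("convert")
    if binary is None:
        return "ImageMagick not found on PATH"
    out = subprocess.run([binary, "--version"], capture_output=True, text=True, check=False)
    return status_line(out.stdout)


if __name__ == "__main__":
    print(installed_status())
```

Note that this checks only the binary on PATH; applications that bundle their own ImageMagick (or Magick.NET, which carries its own native libraries) need their bundled version checked separately.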
📡 Detection & Monitoring
Log Indicators:
- ImageMagick process crashes
- Memory access violation errors
- Unusual raw image processing requests
Network Indicators:
- Requests with unusual image dimension parameters
- Multiple failed image processing attempts
SIEM Query:
(process_name:"convert" OR process_name:"magick") AND (event_type:"crash" OR error_message:"segmentation fault")
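The same detection logic expressed in code, as an added example that is not part of the advisory. It scans syslog-style lines for the Linux kernel's segfault report, keeps only crashes of the convert and magick processes (the grouped "process OR process, AND crash" condition of the SIEM query above), and records whether the fault was a read, which is the shape an over-read produces. The log lines are constructed, not captured from a real host, and the library name in them is assumed.

```python
import re
from collections import Counter

# Linux kernel segfault report: "<prog>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <n> in <module>[...]".
_SEGFAULT_RE = re.compile(
    r"(?P<prog>[\w.+-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) .*? "
    r"error (?P<err>\d+) in (?P<module>[^\[\s]+)"
)
WATCHED = {"convert", "magick"}

# Constructed sample lines in syslog shape (not captured from a real host).
SAMPLE_LOG = """\
Mar 01 10:00:01 worker1 kernel: convert[4121]: segfault at 7f3a1c2f0000 ip 00007f3a18b4c2d1 sp 00007ffd2e1a3c40 error 4 in libMagickCore-7.Q16HDRI.so.10[7f3a18a00000+2c0000]
Mar 01 10:00:02 worker1 kernel: nginx[998]: segfault at 0 ip 000055d1c3a1b000 sp 00007ffc4d2e0000 error 6 in nginx[55d1c3a00000+100000]
Mar 01 10:00:05 worker1 kernel: magick[4130]: segfault at 7f9b00000000 ip 00007f9afc4c2d1a sp 00007ffe1a0b3c40 error 4 in libMagickCore-7.Q16HDRI.so.10[7f9afc400000+2c0000]
Mar 01 10:00:06 worker1 app[2201]: processed upload id=17 ok
Mar 01 10:00:09 worker1 kernel: convert[4133]: segfault at 7f3a1c2f0000 ip 00007f3a18b4c2d1 sp 00007ffd2e1a3c40 error 4 in libMagickCore-7.Q16HDRI.so.10[7f3a18a00000+2c0000]
"""


def imagemagick_crashes(log_text: str) -> list[dict]:
    """Return one record per crash of a watched ImageMagick process."""
    hits = []
    for line in log_text.splitlines():
        m = _SEGFAULT_RE.search(line)
        if m and m.group("prog") in WATCHED:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            # Page-fault error code bit 1 is set for writes; clear means a read
            # fault, which is what an over-read looks like at crash time.
            rec["read_fault"] = (int(rec["err"]) & 2) == 0
            hits.append(rec)
    return hits


def crash_summary(log_text: str) -> dict:
    """Aggregate crashes by process and faulting module for alerting."""
    hits = imagemagick_crashes(log_text)
    return {
        "total": len(hits),
        "by_process": dict(Counter(h["prog"] for h in hits)),
        "by_module": dict(Counter(h["module"] for h in hits)),
        "read_faults": sum(1 for h in hits if h["read_fault"]),
    }


if __name__ == "__main__":
    for rec in imagemagick_crashes(SAMPLE_LOG):
        print(rec)
    print(crash_summary(SAMPLE_LOG))
```

Several read faults inside the ImageMagick core library within a short window, especially when they line up with upload or conversion requests in application logs, are the pattern to alert on; a single crash is weaker evidence, since malformed but benign files crash image processors too.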