Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-25983

Опубликовано: 24 фев. 2026
Источник: debian
EPSS Низкий

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
imagemagickfixed8:7.1.2.15+dfsg1-1package

Примечания

  • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566

  • Fixed by: https://github.com/ImageMagick/ImageMagick/commit/b4f8e1a387dd1d0a0af516071831a235f2fdf437 (7.1.2-14)

  • Fixed by: https://github.com/ImageMagick/ImageMagick/commit/257200cb21de23404dce5f8261871845d425dee5 (7.1.2-14)

  • Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/e5d3ca6dfb76dccb5bdf73c74135e0fde2f9d0b7 (6.9.13-39)

EPSS

Процентиль: 7%
0.00026
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2026-25983

CVSS3: 5.3
ubuntu
около 1 месяца назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

redhat логотип

CVE-2026-25983

CVSS3: 5.3
redhat
около 1 месяца назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

nvd логотип

CVE-2026-25983

CVSS3: 5.3
nvd
около 1 месяца назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

github логотип

GHSA-fwqw-2x5x-w566

CVSS3: 5.3
github
около 1 месяца назад

ImageMagick has Use After Free in MSLStartElement in "coders/msl.c"

suse-cvrf логотип

SUSE-SU-2026:0854-1

suse-cvrf
19 дней назад

Security update for ImageMagick

EPSS

Процентиль: 7%
0.00026
Низкий