
exploitDog


CVE-2026-25795

Published: 24 Feb 2026
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

A flaw was found in ImageMagick, a widely used image editing and manipulation software. This vulnerability arises from a NULL pointer dereference that occurs when the software attempts to create temporary files and fails. An attacker could exploit this issue to trigger an application crash, leading to a Denial of Service (DoS).
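A simplified model of the destroy-then-access ordering described above, next to one corrected ordering. This is an added example, not ImageMagick's code or its actual patch: `info_t`, `clone_info`, `destroy_info`, `acquire_temp_file`, both `read_sfw_*` functions and the file name are hypothetical or constructed. The vulnerable variant is compiled only when `SHOW_VULNERABLE_ORDER` is defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for ImageMagick's ImageInfo (not the real struct). */
typedef struct { char filename[64]; } info_t;

static info_t *clone_info(const char *name) {
    info_t *info = calloc(1, sizeof *info);
    if (info != NULL) snprintf(info->filename, sizeof info->filename, "%s", name);
    return info;
}
/* Frees the object and returns NULL, so "p = destroy_info(p)" leaves p NULL. */
static info_t *destroy_info(info_t *info) { free(info); return NULL; }
/* Simulated temporary-file creation: returns -1 when told to fail. */
static int acquire_temp_file(int force_fail) { return force_fail ? -1 : 3; }

#ifdef SHOW_VULNERABLE_ORDER
/* Ordering described in the advisory: destroy first, then read ->filename.
   read_info is NULL at the snprintf, so the failure path crashes (CWE-476). */
int read_sfw_vulnerable(int force_fail, char *err, size_t errlen) {
    info_t *read_info = clone_info("/tmp/magick-XXXXXX"); /* constructed name */
    if (read_info == NULL) return -1;
    if (acquire_temp_file(force_fail) == -1) {
        read_info = destroy_info(read_info);
        snprintf(err, errlen, "unable to write file: %s", read_info->filename);
        return -1;
    }
    destroy_info(read_info);
    return 0;
}
#endif
/* Corrected ordering: use the filename while read_info is valid, then destroy. */
int read_sfw_fixed(int force_fail, char *err, size_t errlen) {
    info_t *read_info = clone_info("/tmp/magick-XXXXXX"); /* constructed name */
    if (read_info == NULL) return -1;
    if (acquire_temp_file(force_fail) == -1) {
        snprintf(err, errlen, "unable to write file: %s", read_info->filename);
        read_info = destroy_info(read_info);
        return -1;
    }
    destroy_info(read_info);
    return 0;
}

int main(void) {
    char err[128] = "";
    return read_sfw_fixed(1, err, sizeof err) == -1 && puts(err) >= 0 ? 0 : 1;
}
```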

Report

This MODERATE impact flaw in ImageMagick can lead to a denial of service due to a NULL pointer dereference when processing a crafted SFW image file. The vulnerability occurs if temporary file creation fails during image processing. Red Hat Enterprise Linux 6 ELS and 7 ELS are affected by this flaw.

Mitigation

To reduce the risk associated with this vulnerability, avoid processing untrusted SFW image files with ImageMagick. If ImageMagick is deployed in environments where it processes untrusted input, consider implementing sandboxing or resource limits for ImageMagick processes to contain potential crashes and limit impact.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |


Additional information

Status: Moderate
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2442099 ImageMagick: ImageMagick: Denial of Service due to NULL pointer dereference during temporary file creation failure

EPSS

Percentile: 17%
0.00056
Low

5.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS3: 5.3
nvd
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS3: 5.3
debian
about 1 month ago

ImageMagick is free and open-source software used for editing and mani ...

CVSS3: 5.3
github
about 1 month ago

ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c)

suse-cvrf
19 days ago

Security update for ImageMagick
