exploitDog

CVE-2026-25798

Published: 24 Feb 2026
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

A flaw was found in ImageMagick. A remote attacker can exploit a NULL pointer dereference vulnerability by supplying a specially crafted image file. This can cause any application linked against ImageMagick to crash, leading to a Denial of Service (DoS).

Statement

MODERATE: This flaw in ImageMagick allows a remote attacker to cause a denial of service by providing a specially crafted image file. Applications linked against ImageMagick in Red Hat Enterprise Linux 6 and 7 are affected if they process untrusted image files. Exploitation requires the processing of a malicious image.

Mitigation

To mitigate this issue, restrict the processing of untrusted image files by applications that utilize ImageMagick. Implement input validation and sanitization for all image files originating from external or untrusted sources. If possible, run applications processing untrusted images in a sandboxed environment to limit potential impact.

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | |
Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | |

Additional information

Status: Moderate
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2442119 - ImageMagick: ImageMagick: Denial of Service via crafted image file

EPSS

Percentile: 34%
0.00139
Low

5.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS3: 5.3
nvd
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS3: 5.3
debian
about 1 month ago

ImageMagick is free and open-source software used for editing and mani ...

CVSS3: 5.3
github
about 1 month ago

ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image

suse-cvrf
19 days ago

Security update for ImageMagick
