
exploitDog

CVE-2026-25897

Published: 24 Feb 2026
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

A flaw was found in ImageMagick. An integer overflow vulnerability in the sun decoder allows a remote attacker to cause an out-of-bounds heap write by processing a carefully crafted image. This issue primarily affects 32-bit systems and builds, potentially leading to a denial of service.

Report

This MODERATE impact vulnerability in ImageMagick's sun decoder can lead to an out-of-bounds heap write on 32-bit systems when processing a specially crafted image. Red Hat Enterprise Linux 6 ELS and 7 ELS, which support 32-bit architectures, are potentially affected if ImageMagick is used to process untrusted image files.

Mitigation

To mitigate this vulnerability, avoid processing untrusted or maliciously crafted image files with ImageMagick on 32-bit systems. Limiting the sources of image files processed by ImageMagick can reduce the risk of exploitation.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |

Additional information

Status: Moderate
Defect: CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2442098 ImageMagick: ImageMagick: Out-of-bounds heap write via integer overflow in sun decoder

EPSS: 0.00056 (Low), percentile: 18%

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS3: 6.5
nvd
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

CVSS3: 6.5
debian
about 1 month ago

ImageMagick is free and open-source software used for editing and mani ...

CVSS3: 6.5
github
about 1 month ago

ImageMagick: Heap overflow in sun decoder on 32-bit systems may result in out of bounds write

suse-cvrf
19 days ago

Security update for ImageMagick
