CVE-2026-25967

Published: 24 Feb 2026
Source: redhat
CVSS3: 7.4
EPSS: Low

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.

A flaw was found in ImageMagick. A remote attacker could exploit a stack-based buffer overflow vulnerability in the FTXT image reader. By providing a specially crafted FTXT file, an attacker could cause out-of-bounds writes on the stack, leading to a crash and resulting in a Denial of Service (DoS).

Report

This MODERATE impact flaw in ImageMagick allows a remote attacker to cause a denial of service by providing a specially crafted FTXT file. The vulnerability, a stack-based buffer overflow in the FTXT image reader, can lead to out-of-bounds writes and application crashes. This affects ImageMagick as shipped in Red Hat Enterprise Linux 6 ELS and 7 ELS.

Mitigation

To mitigate this issue, avoid processing untrusted FTXT image files with ImageMagick. If ImageMagick must process untrusted input, consider running the application in a sandboxed environment to limit potential impact.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ImageMagick | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ImageMagick | Out of support scope | | |

Additional information

Status: Moderate
Defect: CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2442126 ImageMagick: ImageMagick: Denial of Service via crafted FTXT file

EPSS

Percentile: 16%
0.00052
Low

7.4 High

CVSS3

Related vulnerabilities

CVSS3: 7.4
ubuntu
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.

CVSS3: 7.4
nvd
about 1 month ago

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.

CVSS3: 7.4
debian
about 1 month ago

ImageMagick is free and open-source software used for editing and mani ...

CVSS3: 7.4
github
about 1 month ago

ImageMagick: Stack buffer overflow in FTXT reader via oversized integer field

suse-cvrf
19 days ago

Security update for ImageMagick
