Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-25987

Опубликовано: 24 фев. 2026
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

A flaw was found in ImageMagick. A remote attacker could exploit a heap buffer over-read vulnerability in the MAP image decoder by providing a specially crafted MAP file. This could lead to the application crashing, resulting in a denial of service, or unintended memory disclosure during image decoding.

Отчет

This MODERATE impact vulnerability in ImageMagick's MAP image decoder can lead to crashes or unintended memory disclosure when processing specially crafted MAP files. Red Hat Enterprise Linux 6 ELS and 7 ELS are affected by this flaw.

Меры по смягчению последствий

To mitigate this issue, avoid processing untrusted MAP image files with ImageMagick. Restrict the sources of MAP files to only trusted origins to prevent potential exploitation.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6ImageMagickOut of support scope
Red Hat Enterprise Linux 7ImageMagickOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2442115ImageMagick: ImageMagick: Memory disclosure and denial of service via crafted MAP files

EPSS

Процентиль: 3%
0.00014
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-25987

CVSS3: 5.3
ubuntu
около 1 месяца назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

nvd логотип

CVE-2026-25987

CVSS3: 5.3
nvd
около 1 месяца назад

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory disclosure during image decoding. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

debian логотип

CVE-2026-25987

CVSS3: 5.3
debian
около 1 месяца назад

ImageMagick is free and open-source software used for editing and mani ...

github логотип

GHSA-42p5-62qq-mmh7

CVSS3: 5.3
github
около 1 месяца назад

ImageMagick has a heap buffer over-read in its MAP image decoder

suse-cvrf логотип

SUSE-SU-2026:0854-1

suse-cvrf
19 дней назад

Security update for ImageMagick

EPSS

Процентиль: 3%
0.00014
Низкий

5.3 Medium

CVSS3