Количество 9
Количество 9
GHSA-vpxv-r9pg-7gpr
ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer
CVE-2026-25898
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVE-2026-25898
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVE-2026-25898
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVE-2026-25898
ImageMagick is free and open-source software used for editing and mani ...
SUSE-SU-2026:0853-1
Security update for ImageMagick
SUSE-SU-2026:0852-1
Security update for ImageMagick
SUSE-SU-2026:0851-1
Security update for ImageMagick
openSUSE-SU-2026:20337-1
Security update for ImageMagick
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-vpxv-r9pg-7gpr ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
 | CVE-2026-25898 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
 | CVE-2026-25898 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
 | CVE-2026-25898 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
| CVE-2026-25898 ImageMagick is free and open-source software used for editing and mani ... | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
 | SUSE-SU-2026:0853-1 Security update for ImageMagick | 19 дней назад | ||
| SUSE-SU-2026:0852-1 Security update for ImageMagick | 19 дней назад | ||
| SUSE-SU-2026:0851-1 Security update for ImageMagick | 19 дней назад | ||
| openSUSE-SU-2026:20337-1 Security update for ImageMagick | 19 дней назад |
Уязвимостей на страницу