CVE-2026-25989— ImageMagick has integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-25989
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ImageMagick has integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder
Source: NVD (National Vulnerability Database)
Vulnerability Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(size_t)` cast. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数溢出或超界折返
Source: NVD (National Vulnerability Database)
Vulnerability Title
ImageMagick 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ImageMagick是ImageMagick开源的一套开源的图像处理软件。可读取、转换或写入多种格式的图片。 ImageMagick 7.1.2-15之前版本和6.9.13-40之前版本存在安全漏洞,该漏洞源于特制SVG文件中的差一错误边界检查,可能导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ImageMagick | ImageMagick | >= 7.0.0, < 7.1.2-15 | - |
II. Public POCs for CVE-2026-25989
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-25989
请登录查看更多情报信息。
Same Patch Batch · ImageMagick · 2026-02-24 · 32 CVEs total
| CVE-2026-25965 | 8.6 HIGH | ImageMagick's policy bypass through path traversal allows reading restricted content despi |
| CVE-2026-25794 | 8.2 HIGH | ImageMagick has heap-buffer-overflow via signed integer overflow in `WriteUHDRImage` when |
| CVE-2026-24481 | 7.5 HIGH | ImageMagick has Possible Heap Information Disclosure in PSD ZIP Decompression |
| CVE-2026-24485 | 7.5 HIGH | ImageMagick: Infinite loop vulnerability when parsing a PCD file |
| CVE-2026-25985 | 7.5 HIGH | Memory allocation with excessive without limits in the internal SVG decoder |
| CVE-2026-25968 | 7.4 HIGH | ImageMagick has MSL attribute stack buffer overflow that leads to out of bounds write. |
| CVE-2026-25967 | 7.4 HIGH | ImageMagick has stack buffer overflow in FTXT reader via oversized integer field |
| CVE-2026-25897 | 6.5 MEDIUM | ImageMagick has heap overflow in sun decoder on 32-bit systems that can result in out of b |
| CVE-2026-26284 | 6.5 MEDIUM | ImageMagick has heap overflow in pcd decoder that leads to out of bounds read. |
| CVE-2026-25898 | 6.5 MEDIUM | Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM |
| CVE-2026-25982 | 6.5 MEDIUM | ImageMagick Has Heap Out-of-Bounds Read in DCM Decoder (ReadDCMImage) |
| CVE-2026-26066 | 6.2 MEDIUM | ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted |
| CVE-2026-26283 | 6.2 MEDIUM | ImageMagick has possible infinite loop in JPEG encoder when using `jpeg:extent` |
| CVE-2026-25971 | 6.2 MEDIUM | ImageMagick's MSL: Stack overflow in ProcessMSLScript |
| CVE-2026-25966 | 5.9 MEDIUM | ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" lea |
| CVE-2026-25797 | 5.7 MEDIUM | ImageMagick vulnerable to Code injection via PostScript header in ps coders |
| CVE-2026-25988 | 5.3 MEDIUM | ImageMagick's MSL image stack index not refreshed, leading to leaked images. |
| CVE-2026-25983 | 5.3 MEDIUM | ImageMagick has Use After Free in MSLStartElement in "coders/msl.c" |
| CVE-2026-25987 | 5.3 MEDIUM | ImageMagick has heap buffer over-read in MAP image decoder |
| CVE-2026-25970 | 5.3 MEDIUM | ImageMagick SIXEL Decoder Has Signed Integer Overflow, Leading to Memory Corruption |
Showing top 20 of 32 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: ImageMagick
- CVE-2026-40312
ImageMagick: Off-by-One in MSL decoder could result in crash - CVE-2026-40311
ImageMagick: Heap-use-after-free via XMP profile could resul - CVE-2026-40310
ImageMagick: Heap out-of-bounds write in JP2 encoder - CVE-2026-40183
ImageMagick: Heap buffer overflow when encoding JXL image wi - CVE-2026-40169
ImageMagick: Heap buffer overflow (WRITE) in the YAML and JS
Same vendor: ImageMagick
- CVE-2026-40312
ImageMagick: Off-by-One in MSL decoder could result in crash - CVE-2026-40311
ImageMagick: Heap-use-after-free via XMP profile could resul - CVE-2026-40310
ImageMagick: Heap out-of-bounds write in JP2 encoder - CVE-2026-40183
ImageMagick: Heap buffer overflow when encoding JXL image wi - CVE-2026-40169
ImageMagick: Heap buffer overflow (WRITE) in the YAML and JS
Same weakness: CWE-190
- CVE-2026-7568
Signed integer overflow in metaphone() - CVE-2026-42311
Pillow: OOB Write with Invalid PSD Tile Extents (Integer Ove - CVE-2026-42308
Pillow: Integer overflow when processing fonts - CVE-2026-6664
PgBouncer integer overflow in PgBouncer network packet parsi - CVE-2026-42199
Grid: Integer Overflow in Grid::expand_rows Leads to Safe-AP
V. Comments for CVE-2026-25989
No comments yet