CVE-2026-25965

EUVD-2026-7438

24.02.2026, 02:16

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.

Path Traversal

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Affected Products (NVD)

Vendor	Product	Version
imagemagick	imagemagick	𝑥 < 6.9.13-40
imagemagick	imagemagick	7.0.0-0 ≤ 𝑥 < 7.1.2-15

𝑥

= Vulnerable software versions

openSUSE / SLES Releases

openSUSE Product

Release

ImageMagick

suse enterprise desktop 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.42.2 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.37.1 fixed

ImageMagick-config-7-SUSE

suse enterprise desktop 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.42.2 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.37.1 fixed

ImageMagick-config-7-upstream

suse enterprise desktop 15 SP7	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP7	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP6	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP7	7.1.0.9-150400.6.68.2 fixed

ImageMagick-config-7-upstream-limited

suse enterprise desktop 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.42.2 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.37.1 fixed

ImageMagick-config-7-upstream-open

suse enterprise desktop 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.42.2 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.37.1 fixed

ImageMagick-config-7-upstream-secure

suse enterprise desktop 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.42.2 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.37.1 fixed

ImageMagick-config-7-upstream-websafe

suse enterprise desktop 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.42.2 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.37.1 fixed

ImageMagick-devel

suse enterprise desktop 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.42.2 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.37.1 fixed

libMagick++-7_Q16HDRI5

suse enterprise desktop 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.42.2 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.37.1 fixed

libMagick++-devel

suse enterprise desktop 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.42.2 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.37.1 fixed

libMagickCore-7_Q16HDRI10

suse enterprise desktop 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.42.2 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.37.1 fixed

libMagickWand-7_Q16HDRI10

suse enterprise desktop 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise sap 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP7	7.1.1.43-150700.3.37.1 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.42.2 fixed
suse enterprise server 15 SP7	7.1.1.43-150700.3.37.1 fixed

perl-PerlMagick

suse enterprise sap 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise sap 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP4	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP5	7.1.0.9-150400.6.68.2 fixed
suse enterprise server 15 SP6	7.1.1.21-150600.3.42.2 fixed

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7