CVE-2026-25982
EUVD-2026-742524.02.2026, 02:16
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 𝑥 < 6.9.13-40 |
| imagemagick | imagemagick | 7.0.0-0 ≤ 𝑥 < 7.1.2-15 |
𝑥
= Vulnerable software versions
openSUSE / SLES Releases
openSUSE Product | |||||||
|---|---|---|---|---|---|---|---|
| ImageMagick |
| ||||||
| ImageMagick-config-7-SUSE |
| ||||||
| ImageMagick-config-7-upstream-limited |
| ||||||
| ImageMagick-config-7-upstream-open |
| ||||||
| ImageMagick-config-7-upstream-secure |
| ||||||
| ImageMagick-config-7-upstream-websafe |
| ||||||
| ImageMagick-devel |
| ||||||
| libMagick++-7_Q16HDRI5 |
| ||||||
| libMagick++-devel |
| ||||||
| libMagickCore-7_Q16HDRI10 |
| ||||||
| libMagickWand-7_Q16HDRI10 |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| ImageMagick |
| ||||
| ImageMagick-c++ |
| ||||
| ImageMagick-c++-debuginfo |
| ||||
| ImageMagick-c++-devel |
| ||||
| ImageMagick-debuginfo |
| ||||
| ImageMagick-debugsource |
| ||||
| ImageMagick-devel |
| ||||
| ImageMagick-doc |
| ||||
| ImageMagick-libs |
| ||||
| ImageMagick-libs-debuginfo |
| ||||
| ImageMagick-perl |
| ||||
| ImageMagick-perl-debuginfo |
|
Common Weakness Enumeration