CVSS 3.1 score: 5.5

ImageMagick mishandles large image extracts leading to potential data exposure

DEBIAN-CVE-2026-25576
Summary

Processing a raw-format image with an -extract geometry larger than the -size geometry can make ImageMagick read past the end of a heap-allocated buffer, which can expose data from memory. ImageMagick versions before 7.1.2-15 and 6.9.13-40 are affected, and patches are available. If you use ImageMagick, update to a fixed version to prevent potential data exposure.

What to do
  • Update debian imagemagick to version 8:7.1.1.43+dfsg1-1+deb13u6.
  • Update debian imagemagick to version 8:7.1.2.15+dfsg1-1.
Affected software
Vendor  Product      Affected versions               Fix available
debian  imagemagick  All versions                    -
debian  imagemagick  All versions                    -
debian  imagemagick  <= 8:7.1.1.43+dfsg1-1+deb13u6   8:7.1.1.43+dfsg1-1+deb13u6
debian  imagemagick  <= 8:7.1.2.15+dfsg1-1           8:7.1.2.15+dfsg1-1
Original title
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw...
Original description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handlers. The vulnerability occurs when processing images with -extract dimensions larger than -size dimensions, causing out-of-bounds memory reads from a heap-allocated buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
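For services that build ImageMagick command lines from user-supplied values and cannot upgrade immediately, the following added example (not part of the advisory or of ImageMagick) shows a pre-flight check that refuses argument vectors whose -extract geometry does not fit inside -size. It assumes only the plain WxH and WxH+X+Y geometry forms are permitted, and the offset check is a conservative policy choice that goes beyond the condition the description states; `check_args` and the file names are hypothetical.

```python
import re

# Assumption: only the plain forms WxH and WxH+X+Y are allowed; any other
# ImageMagick geometry syntax (percentages, flags) is rejected outright.
_GEOMETRY = re.compile(r"([0-9]+)x([0-9]+)(?:\+([0-9]+)\+([0-9]+))?")


def parse_geometry(text):
    """Return (width, height, x, y) or raise ValueError."""
    m = _GEOMETRY.fullmatch(text)
    if not m:
        raise ValueError(f"unsupported geometry: {text!r}")
    w, h, x, y = (int(g or 0) for g in m.groups())
    if w == 0 or h == 0:
        raise ValueError(f"zero-sized geometry: {text!r}")
    return w, h, x, y


def check_args(argv):
    """Return a list of problems found in an ImageMagick argument vector."""
    geoms, problems = {}, []
    # Pair every argument with the one that follows it to find option values.
    for opt, value in zip(argv, argv[1:]):
        if opt in ("-size", "-extract"):
            try:
                geoms[opt] = parse_geometry(value)
            except ValueError as exc:
                problems.append(f"{opt}: {exc}")
    if "-size" in geoms and "-extract" in geoms:
        sw, sh, _, _ = geoms["-size"]
        ew, eh, ex, ey = geoms["-extract"]
        if ew > sw or eh > sh:
            # The condition named in the description above.
            problems.append("-extract dimensions exceed -size")
        elif ex + ew > sw or ey + eh > sh:
            # Conservative extension: the offset region must also fit.
            problems.append("-extract region runs past -size bounds")
    return problems


if __name__ == "__main__":
    # Constructed sample command line; file names are placeholders.
    sample = ["magick", "-size", "64x64", "-extract", "128x128+0+0",
              "gray:in.raw", "out.png"]
    print(check_args(sample) or "ok")
```

This check is a stopgap for callers; updating to a fixed package version remains the actual remedy.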
osv CVSS3.1 5.5
Published: 24 Feb 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026