6.5
ImageMagick crashes or leaks sensitive data when handling certain DICOM files
DEBIAN-CVE-2026-25982
Summary
ImageMagick software, used for image editing, has a bug that can cause it to crash or leak sensitive information when processing specific types of medical image files. This affects earlier versions of ImageMagick, but patches are available to fix the issue. Update to the latest version to ensure your software is secure.
What to do
- Update debian imagemagick to version 8:7.1.1.43+dfsg1-1+deb13u6.
- Update debian imagemagick to version 8:7.1.2.15+dfsg1-1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | imagemagick | All versions | – |
| debian | imagemagick | All versions | – |
| debian | imagemagick | <= 8:7.1.1.43+dfsg1-1+deb13u6 | 8:7.1.1.43+dfsg1-1+deb13u6 |
| debian | imagemagick | <= 8:7.1.2.15+dfsg1-1 | 8:7.1.2.15+dfsg1-1 |
Original title
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coder...
Original description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/dcm.c` module. When processing DICOM files with a specific configuration, the decoder loop incorrectly reads bytes per iteration. This causes the function to read past the end of the allocated buffer, potentially leading to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). Versions 7.1.2-15 and 6.9.13-40 contain a patch.
osv CVSS3.1: 6.5
- https://security-tracker.debian.org/tracker/CVE-2026-25982 Vendor Advisory
Published: 24 Feb 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026