Search for vulnerabilities
| Vulnerability ID | VCID-4nh7-1xks-pbhd |
| Aliases |
CVE-2026-25794
GHSA-vhqj-f5cj-9x8h |
| Summary | ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. When image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. ``` ==1575126==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fc382ef3820 at pc 0x5560d31f229f bp 0x7ffe865f9530 sp 0x7ffe865f9520 WRITE of size 8 at 0x7fc382ef3820 thread T0 |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| epss | 0.00019 | https://api.first.org/data/v1/epss?cve=CVE-2026-25794 |
| cvssv3.1_qr | HIGH | https://github.com/advisories/GHSA-vhqj-f5cj-9x8h |
| cvssv3.1_qr | HIGH | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h |
| Percentile | 0.05679 |
| EPSS Score | 0.00019 |
| Published At | May 30, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-30T21:06:49.510123+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q8-x86/CVE-2026-25794.yml | 38.6.0 |