Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-88yk-kthd-5qgr
Vulnerability ID VCID-88yk-kthd-5qgr
Aliases CVE-2026-25798
GHSA-p863-5fgm-rgq4
Summary ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image A NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in Denial of Service. ``` AddressSanitizer:DEADLYSIGNAL ================================================================= ==3704942==ERROR: AddressSanitizer: UNKNOWN SIGNAL on unknown address 0x000000000000 (pc 0x7f9d141239e0 bp 0x7ffd4c5711e0 sp 0x7ffd4c571148 T0)
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-476 NULL Pointer Dereference
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3
https://github.com/ImageMagick/ImageMagick
https://github.com/ImageMagick/ImageMagick/commit/e046417675d5c26e5f48816851a406c121c77469
https://github.com/ImageMagick/ImageMagick/issues/8567
CVE-2026-25798 https://nvd.nist.gov/vuln/detail/CVE-2026-25798
GHSA-p863-5fgm-rgq4 https://github.com/advisories/GHSA-p863-5fgm-rgq4
GHSA-p863-5fgm-rgq4 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:50:24.215670+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/magick.net-q16-x64/CVE-2026-25798.yml 38.6.0