| Vulnerability ID | VCID-jqw7-5bwa-gbfq |
| Aliases | CVE-2026-25898, GHSA-vpxv-r9pg-7gpr |
| Summary | ImageMagick has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer. The UIL and XPM image encoders do not validate the pixel index value returned by `GetPixelIndex()` before using it as an array subscript. In HDRI builds, `Quantum` is a floating-point type, so pixel index values can be negative. An attacker can craft an image with negative pixel index values to trigger a global buffer overflow read during conversion, leading to information disclosure or a process crash. `READ of size 1 at 0x55a8823a776e thread T0` |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| epss | 0.00022 | https://api.first.org/data/v1/epss?cve=CVE-2026-25898 |
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-vpxv-r9pg-7gpr |
| cvssv3.1_qr | MODERATE | https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr |
| Percentile | 0.06461 |
| EPSS Score | 0.00022 |
| Published At | May 30, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-30T21:06:46.996440+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Magick.NET-Q16-arm64/CVE-2026-25898.yml | 38.6.0 |