CVE-2026-25967 in ImageMagickinfo

Summary

by MITRE • 02/24/2026

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 04/21/2026

The vulnerability CVE-2026-25967 affects ImageMagick, a widely-used open-source software suite for digital image editing and manipulation that processes over 200 image formats including jpeg png gif and tiff. This particular flaw resides within the FTXT image reader component which handles text-based image formats. The issue represents a critical stack-based buffer overflow that occurs when processing specially crafted FTXT files, making it a significant concern for systems that process untrusted image data. The vulnerability was present in ImageMagick versions prior to 7.1.2-15, indicating that organizations using older versions remain at risk of exploitation. This flaw demonstrates the ongoing challenges in image processing software where format parsers must handle malformed or malicious input without causing system instability or potential code execution.

The technical implementation of this vulnerability stems from inadequate bounds checking within the FTXT reader's parsing logic. When a maliciously crafted FTXT file is processed, the parser fails to properly validate input boundaries, leading to out-of-bounds writes that corrupt the stack memory. This type of vulnerability falls under CWE-121 Stack-based Buffer Overflow, which is classified as a fundamental memory safety issue that allows attackers to overwrite adjacent memory locations. The stack corruption typically results in immediate program termination through segmentation faults or access violations, though in some cases such vulnerabilities could potentially be leveraged for more sophisticated attacks if additional conditions are met. The nature of the flaw suggests that the parser does not adequately validate array indices or string lengths when reading FTXT format metadata, allowing attackers to craft inputs that exceed allocated buffer boundaries.

The operational impact of this vulnerability extends across numerous deployment scenarios where ImageMagick is utilized for image processing, including web applications content management systems file upload handlers and automated image processing pipelines. Systems that automatically process user-uploaded images or images from external sources become particularly vulnerable to this flaw, as attackers can craft malicious FTXT files to trigger the buffer overflow during normal processing operations. The vulnerability's exploitation potential increases significantly in environments where ImageMagick is used in server-side processing contexts, as successful exploitation could lead to denial of service attacks that disrupt legitimate operations. Organizations relying on ImageMagick for automated workflows or batch image processing are at risk of service interruption when malicious files are processed, making this a critical concern for infrastructure stability and availability.

Organizations should immediately upgrade to ImageMagick version 7.1.2-15 or later to remediate this vulnerability, as this release contains the necessary patches to prevent the stack-based buffer overflow. System administrators should conduct comprehensive vulnerability assessments to identify all systems running affected versions of ImageMagick and prioritize updates accordingly. Additional mitigations include implementing strict input validation for image file types, deploying web application firewalls to filter potentially malicious file uploads, and establishing robust file type detection mechanisms that prevent execution of untrusted image files through the vulnerable parser. Security teams should also consider implementing sandboxing techniques for image processing operations and monitoring for unusual processing patterns that might indicate exploitation attempts. The vulnerability aligns with ATT&CK technique T1203 Exploitation for Client Execution, as it represents a classic buffer overflow attack vector that can be leveraged for denial of service or potentially more advanced exploitation depending on system configurations and additional vulnerabilities present in the environment.

Responsible

GitHub M

Reservation

02/09/2026

Disclosure

02/24/2026

Moderation

accepted

CPE

ready

EPSS

0.00319

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!