ImageMagick has NULL pointer dereference in ReadSFWImage after DestroyImageInfo (sfw.c)
Description
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in ReadSFWImage() (coders/sfw.c), when temporary file creation fails, read_info is destroyed before its filename member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ImageMagick crashes due to NULL pointer dereference in ReadSFWImage when temporary file creation fails, patched in versions 7.1.2-15 and 6.9.13-40.
Vulnerability
Details
In ImageMagick's ReadSFWImage() function in coders/sfw.c, when temporary file creation fails, the ReadImage() function destroys the ImageInfo structure (read_info) before accessing its filename member. This results in a NULL pointer dereference, causing a crash. The issue affects all versions prior to 7.1.2-15 and 6.9.13-40 [2].
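The ordering problem described above, reduced to a self-contained C model. This is an added illustration, not ImageMagick's code or its patch; `Info`, `info_new`, `info_destroy`, the `fail_path_*` functions and the temporary path are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for ImageInfo: a leading field plus the filename member. */
typedef struct { unsigned long signature; char filename[64]; } Info;

static Info *info_new(const char *name)
{
    Info *info = calloc(1, sizeof(*info));
    if (info != NULL)
        snprintf(info->filename, sizeof(info->filename), "%s", name);
    return info;
}

/* Frees the object and returns NULL, so callers write p = info_destroy(p). */
static Info *info_destroy(Info *info)
{
    free(info);
    return NULL;
}

/* BEFORE: the error path destroys read_info, then reads read_info->filename.
   read_info is NULL at that read, so the process crashes. Shown for contrast only. */
int fail_path_before(char *msg, size_t len)
{
    Info *read_info = info_new("/tmp/magick-XXXX");   /* constructed path */
    if (read_info == NULL) return -1;
    read_info = info_destroy(read_info);
    snprintf(msg, len, "UnableToCreateTemporaryFile `%s'", read_info->filename);
    return -1;
}

/* AFTER: build the message while read_info is still live, then destroy it. */
int fail_path_after(char *msg, size_t len)
{
    Info *read_info = info_new("/tmp/magick-XXXX");   /* constructed path */
    if (read_info == NULL) return -1;
    snprintf(msg, len, "UnableToCreateTemporaryFile `%s'", read_info->filename);
    read_info = info_destroy(read_info);
    return read_info == NULL ? 0 : -1;
}

int main(void)
{
    char msg[128];
    if (fail_path_after(msg, sizeof(msg)) == 0) puts(msg);
    return 0;
}
```

Because the destroy helper hands back NULL and the caller stores it, a stale use becomes a deterministic NULL dereference rather than a read of freed memory, which matches the denial-of-service impact stated for this issue.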
Exploitation
The vulnerability can be triggered by processing a specially crafted SFW image that causes the temporary file creation to fail. No authentication is required if an attacker can supply an image to ImageMagick. The attack vector is local, or remote where the software is used to process user-uploaded images.
Impact
Successful exploitation leads to a denial of service via application crash. There is no indication of memory corruption beyond the NULL dereference, and no code execution is reported.
Mitigation
ImageMagick has released patched versions 7.1.2-15 and 6.9.13-40. Users should update to these versions or apply the relevant patch. This issue is tracked as GHSA-p33r-fqw2-rqmm and is included in the Magick.NET 14.10.3 release notes [3].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Magick.NET-Q16-AnyCPU (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-AnyCPU (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-OpenMP-arm64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-OpenMP-x64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-arm64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-x64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-x86 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-OpenMP-arm64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-OpenMP-x64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-OpenMP-x86 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-arm64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-x86 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-AnyCPU (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-OpenMP-arm64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-OpenMP-x64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-arm64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-x64 (NuGet) | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-x86 (NuGet) | < 14.10.3 | 14.10.3 |
Affected products
- (no CPE) range: < 7.1.2-15, < 6.9.13-40
- (no CPE) range: >= 7.0.0, < 7.1.2-15
References
- github.com/advisories/GHSA-p33r-fqw2-rqmm (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-25795 (ghsa, ADVISORY)
- github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50 (ghsa, WEB)
- github.com/ImageMagick/ImageMagick/commit/55c344f4b514213642da41194bab57b4476fb9f5 (ghsa, WEB)
- github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm (ghsa, x_refsource_CONFIRM, WEB)
- github.com/dlemstra/Magick.NET/releases/tag/14.10.3 (ghsa, WEB)