VYPR
Moderate severity · NVD Advisory · Published Feb 24, 2026 · Updated Feb 26, 2026

ImageMagick has NULL Pointer Dereference in ClonePixelCacheRepository via crafted image

CVE-2026-25798

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in ImageMagick's ClonePixelCacheRepository allows a remote attacker to crash applications via a crafted image, leading to denial of service.

Vulnerability

Overview

A NULL pointer dereference vulnerability exists in the ClonePixelCacheRepository function of ImageMagick, a widely used open-source image processing suite. The root cause lies in the CloneImage function within MagickCore/image.c: when an image has zero columns or rows, CloneImage returns NULL after throwing a CorruptImageError exception. However, the calling function in MagickCore/transform.c (TransformImage) does not check for this NULL return before dereferencing the pointer, leading to a crash [1].
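The pattern this overview describes, as an added example: a simplified model, not ImageMagick source code. The types and the functions `clone_image_model`, `transform_unchecked` and `transform_checked` are hypothetical stand-ins, and the inputs are constructed.

```c
/* Simplified model of the unchecked-clone pattern; not ImageMagick code. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { size_t columns, rows; } Image;               /* stand-in type */
typedef struct { int raised; const char *reason; } ExceptionInfo;

/* Models the described behaviour: zero columns or rows -> exception and NULL. */
static Image *clone_image_model(const Image *src, ExceptionInfo *ex) {
    if (src->columns == 0 || src->rows == 0) {
        ex->raised = 1;
        ex->reason = "CorruptImageError (modelled)";
        return NULL;
    }
    Image *copy = malloc(sizeof *copy);
    if (copy != NULL) *copy = *src;
    return copy;
}

/* Before: the caller dereferences the clone without checking it. */
static size_t transform_unchecked(const Image *src, ExceptionInfo *ex) {
    Image *copy = clone_image_model(src, ex);
    size_t pixels = copy->columns * copy->rows;   /* crashes if copy is NULL */
    free(copy);
    return pixels;
}

/* After: a failed clone is reported to the caller, never dereferenced. */
static int transform_checked(const Image *src, ExceptionInfo *ex, size_t *pixels) {
    Image *copy = clone_image_model(src, ex);
    if (copy == NULL) return -1;
    *pixels = copy->columns * copy->rows;
    free(copy);
    return 0;
}

int main(void) {
    Image ok = {4, 3}, bad = {0, 3};              /* constructed inputs */
    ExceptionInfo ex = {0, NULL};
    size_t n = 0;
    printf("unchecked, valid input: %zu pixels\n", transform_unchecked(&ok, &ex));
    int rc = transform_checked(&ok, &ex, &n);
    printf("checked, valid input: rc=%d pixels=%zu\n", rc, n);
    rc = transform_checked(&bad, &ex, &n);
    printf("checked, zero width: rc=%d raised=%d\n", rc, ex.raised);
    return 0;
}
```

The unchecked variant is only ever called with the valid image here; the checked variant turns the same zero-width input into an error return that the application can handle.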

Exploitation

To exploit this vulnerability, a remote attacker only needs to supply a crafted image file that causes image->columns or image->rows to be zero. Any application or service linked against ImageMagick that processes user-supplied images is vulnerable. No authentication is required, and the attack can be triggered simply by the application attempting to transform or clone the malicious image [1][3].

Impact

Successful exploitation results in a denial of service (DoS) as the application or service crashes due to the NULL pointer dereference. This can disrupt operations for web applications, graphic design tools, and other systems relying on ImageMagick for image processing [1][3].

Mitigation

The vulnerability is patched in ImageMagick versions 7.1.2-15 and 6.9.13-40. Users should update to these patched versions immediately. No workarounds are documented, but following security best practices such as validating image dimensions before processing can help mitigate the risk [1][3].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| Magick.NET-Q16-AnyCPU | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-AnyCPU | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-OpenMP-arm64 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-OpenMP-x64 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-arm64 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-x64 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-HDRI-x86 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-OpenMP-arm64 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-OpenMP-x64 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-OpenMP-x86 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-arm64 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-x64 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q16-x86 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-AnyCPU | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-OpenMP-arm64 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-OpenMP-x64 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-arm64 | NuGet | < 14.10.3 | 14.10.3 |
| Magick.NET-Q8-x86 | NuGet | < 14.10.3 | 14.10.3 |

Affected products

2
  • ImageMagick/Imagemagick (llm-fuzzy), 2 versions: <= 7.1.2-15, <= 6.9.13-40
    • (no CPE) range: <= 7.1.2-15, <= 6.9.13-40
    • (no CPE) range: >= 7.0.0, < 7.1.2-15

References

6
