VYPR
← All advisories
High severityNVD Advisory· Published Feb 24, 2026· Updated Feb 26, 2026

ImageMagick has stack buffer overflow in FTXT reader via oversized integer field

CVE-2026-25967

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A crafted FTXT file can cause out-of-bounds writes on the stack, leading to a crash. Version 7.1.2-15 contains a patch.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stack-based buffer overflow in ImageMagick's FTXT image reader allows out-of-bounds writes via a crafted file, leading to a crash.

Vulnerability

Overview

A stack-based buffer overflow vulnerability exists in the FTXT image reader of ImageMagick, a widely used open-source image processing suite [1]. The flaw, present in versions prior to 7.1.2-15, is triggered when processing a specially crafted FTXT file. The root cause is an oversized integer field that leads to out-of-bounds writes on the stack [4].

Exploitation

An attacker can exploit this vulnerability by providing a malicious FTXT file to an application or service that uses ImageMagick to process images. No authentication is required; the attack vector is local or remote if the application accepts user-supplied images. The crafted file causes the FTXT reader to write beyond the allocated stack buffer, as demonstrated by an AddressSanitizer stack-buffer-overflow error [4].

Impact

Successful exploitation results in a crash of the ImageMagick process, leading to a denial of service (DoS). The vulnerability does not appear to allow arbitrary code execution based on the available information, but the out-of-bounds write could potentially be leveraged for more severe impacts in certain configurations [2][4].

Mitigation

The vulnerability is patched in ImageMagick version 7.1.2-15 [2][4]. Users should update to this version or later. The issue is tracked as GHSA-72hf-fj62-w6j4 and is also addressed in downstream libraries such as Magick.NET 14.10.3 [3]. No workarounds are documented; upgrading is the recommended action.

References
  1. GitHub - ImageMagick/ImageMagick: ImageMagick is a free, open-source software suite for creating, editing, converting, and displaying images. It supports 200+ formats and offers powerful command-line tools and APIs for automation, scripting, and integration across platforms.
  2. NVD - CVE-2026-25967
  3. Release Magick.NET 14.10.3 · dlemstra/Magick.NET
  4. Stack buffer overflow in FTXT reader via oversized integer field

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Magick.NET-Q16-AnyCPUNuGet
< 14.10.314.10.3
Magick.NET-Q16-HDRI-AnyCPUNuGet
< 14.10.314.10.3
Magick.NET-Q16-HDRI-OpenMP-arm64NuGet
< 14.10.314.10.3
Magick.NET-Q16-HDRI-OpenMP-x64NuGet
< 14.10.314.10.3
Magick.NET-Q16-HDRI-arm64NuGet
< 14.10.314.10.3
Magick.NET-Q16-HDRI-x64NuGet
< 14.10.314.10.3
Magick.NET-Q16-HDRI-x86NuGet
< 14.10.314.10.3
Magick.NET-Q16-OpenMP-arm64NuGet
< 14.10.314.10.3
Magick.NET-Q16-OpenMP-x64NuGet
< 14.10.314.10.3
Magick.NET-Q16-OpenMP-x86NuGet
< 14.10.314.10.3
Magick.NET-Q16-arm64NuGet
< 14.10.314.10.3
Magick.NET-Q16-x64NuGet
< 14.10.314.10.3
Magick.NET-Q16-x86NuGet
< 14.10.314.10.3
Magick.NET-Q8-AnyCPUNuGet
< 14.10.314.10.3
Magick.NET-Q8-OpenMP-arm64NuGet
< 14.10.314.10.3
Magick.NET-Q8-arm64NuGet
< 14.10.314.10.3
agick.NET-Q8-x64NuGet
< 14.10.314.10.3
Magick.NET-Q8-x86NuGet
< 14.10.314.10.3

Affected products

2
  • ImageMagick/Imagemagickllm-fuzzy2 versions
    < 7.1.2-15+ 1 more
    • (no CPE)range: < 7.1.2-15
    • (no CPE)range: < 7.1.2-15

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.