logo

Database

Improper resource allocation In imagemagick

Description

ImageMagick: Memory allocation with excessive without limits in the internal SVG decoder A crafted SVG file containing an malicious element causes ImageMagick to attempt to allocate ~674 GB of memory, leading to an out-of-memory abort.

Found via AFL++ fuzzing with afl-clang-lto instrumentation and AddressSanitizer.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 25

10

Aliases

1. CVE-2026-259852. NVD-2026-259853. OSV-DEBIAN-2026-259854. OSV-2026-259855. GHSA-v7g2-m8c5-mf846. GCVE-2026-259857. SECURITY-TRACKER-CVE-2026-25985

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v7g2-m8c5-mf842. https://github.com/ImageMagick/ImageMagick/commit/1a51eb9af00c36724660e294520878fd1f13e3123. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.