Fluid Attacks Database

Description

ImageMagick has heap-buffer-overflow via signed integer overflow in WriteUHDRImage when writing UHDR images with large dimensions WriteUHDRImage in coders/uhdr.c uses int arithmetic to compute the pixel buffer size. When image dimensions are large, the multiplication overflows 32-bit int, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write.

==1575126==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fc382ef3820 at pc 0x5560d31f229f bp 0x7ffe865f9530 sp 0x7ffe865f9520
WRITE of size 8 at 0x7fc382ef3820 thread T0
    #0 0x5560d31f229e in WriteUHDRImage coders/uhdr.c:807

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	magick.net-q16-hdri-anycpu	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-openmp-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-openmp-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-openmp-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-anycpu	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-x64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-hdri-x86	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-openmp-arm64	>=0 <14.10.3	14.10.3
nuget	magick.net-q16-openmp-x86	>=0 <14.10.3	14.10.3

1-10 of 22

Aliases

1. CVE-2026-257942. NVD-2026-257943. OSV-2026-257944. OSV-DEBIAN-2026-257945. GHSA-vhqj-f5cj-9x8h6. GCVE-2026-257947. SECURITY-TRACKER-CVE-2026-25794

References

1. https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h2. https://github.com/ImageMagick/ImageMagick/commit/ffe589df5ff8ce1433daa4ccb0d2a9fadfbe30ed3. https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.